There has been many reports that Disney+ has been hacked due to many users having their account information shared on the dark web.
Disney has addressed these concerns by providing the following comment to Deadline.
Some Disney+ users are reporting on Social Media that their accounts are showing unauthorized user profiles. These users are sharing that when they have logged into their accounts, they are seeing strange names and additional profiles that have been created and added to their account.
Disney+ accounts may have been hacked as a result of spam email messages tricking users to provide their login info, allowing hackers to sell this information. Other techniques by hackers include trying hacked usernames and passwords from other steaming services and seeing if they work on Disney+.
Hackers are sending emails to Disney+ customers stating that they’re account is locked until they enter a credit card or their login information. Once customers have done this, their information is stolen. ￼
Currently, you can find Disney+ accounts as low as $5 per year on hacking forums.
While this isn’t Disney’s fault directly, they can absolutely do better. Disney should have an option to enable, an industry standard, two factor authentication for all Disney+ accounts. It would also be very useful if Disney would allow us to see which devices are using Disney+ with an option to force all users out.
This is a reminder that you should always be using a unique password for every website you sign up with. Check that emails are actually from Disney and not somebody pretending to be Disney.￼￼