Are You Sharing Your Disney+ Account? Thousands of Accounts Hacked and Sold on Dark Web

Published on November 18, 2019

In the first 24 hours, Disney+ gained more than 10 million subscribers throughout the U.S., Canada, and the Netherlands. However, the platform’s immediate and predictable success came with some less exciting news: its customers’ accounts were also finding homes on the dark web.

On the first day alone, Disney+ crashed when users attempted to sign up and log in. The company tweeted that it had an “overwhelming response” and apologized.

Source: Twitter

Following the pattern of any new technology that is unveiled to a mass number of consumers, a very lucrative employment sector is hard at work, hiring and receiving just as much if not more money than what it’s shelling out: the dark web and black hat hackers.

Upon the immediate launch of Disney+, thousands of customers’ accounts were stolen and then put up for sale on the dark web.

The dark web is a part of the internet (deep underground) that isn’t indexed by search engines, operating as a criminal “hotbed” for encrypted online content and transactions that are not tracked or traceable (ideally). Accessing and engaging in transactions on the dark web requires specific software, configurations, and/or authorization, usually through the Tor browser. Many may be familiar with the dark web from the Silk Road investigation and Ross Ulbricht.

As initially reported by ZDNet, a steady stream of complaints flooded social media networks including Twitter and Reddit. Even more frustrating is that users were actually getting emails LETTING THEM KNOW their Disney+ account was changed (presumably by the hacker).

https://twitter.com/brandoncult/status/1194312851306864640
Source: Twitter

When first reported, hacking forums were flooded with Disney+ accounts selling for anywhere from $3 (£2.30) per account to $11, which is of course more than the legitimate price of a Disney+ account: $7 (£5.40) per month.

The majority of these compromised accounts are labeled as “FRESH CRACKED,” “PREMIUM/ANNUAL,” and many other variations. Screenshots below indicate the formatting:

Screenshot of a Disney+ hacked account that appeared on a hacking forum.

For those who immediately signed up for the streaming service on November 12, many experienced a series of technical issues, taking to social media to express their frustrations. Others indicated they were locked out of their accounts and had no idea as to why. And customer support hasn’t been too helpful in addressing these issues.

Thousands of these stolen accounts show what kind of subscription the person signed up with and when it expires. For example, one website’s post included the language:

“Disney+ USA Service launches on 12th November 2019. These accounts will be ones where people have pre-paid for either 2 or 3 years. Warranty is 2 months, but may last much longer.”

Screenshot from Shoppy showing the coding for a post selling compromised Disney+ accounts.

In addition to ZDNet’s investigation, the BBC jumped in with the assistance of a cyber-security researcher, finding several hacked customer accounts for sale on the dark web, which, at the time of its findings, included over 4,000 customer accounts.

Screenshot showing a list of more than 4,000 compromised Disney+ accounts for sale on the dark web | Source: BBC

Unfortunately, Disney+ does not have two-factor authentication incorporated into its streaming platform, something that, surprisingly enough, should have been considered from the beginning, given the massive (and successful) marketing campaign Disney has been running for many months.

Many customers are also concerned that their now-compromised accounts will grant black-hatters access to other products and services Disney provides, such as the Disney store and its recreation parks.

So if you are sharing your account with friends, family, co-workers, or, unknowingly, a hacker (or several), it may be smart to change your account information just for the sake of it.

This news comes at a similarly troubling time for Google as its data collection practices have been heavily scrutinized. Several Fitbit users have expressed their “distrust for Google,” and are getting rid of their devices.

Andrew "Drew" Rossow is a former contract editor at Grit Daily.
