Disney+ hack “no shock” says researcher

According to David Emm, Principal Security Researcher of Kaspersky Global Research Analysis Team (GReAT), with the release of Disney’s highly anticipated streaming service, Disney+, it is no shock that hackers have taken an interest in the platform.

So far, Disney + has seen over 10 million global subscribers in the first week of going live. What is also no surprise are the reports that consumers accounts have been taken over by cybercriminals and sold on the black market for a percentage of the original subscription fee, an opportunity frequently taken by hackers across a multitude of streaming services.

Whilst the details of how the criminals were able to hijack the accounts of customers are unclear, we know customers’ reuse of passwords from across websites they subscribe to or the use of malware to steal credentials from compromised PC’s are just a couple of possibilities.

It is worrying, especially when considering how quickly criminals have been able to access personal details, that Disney has not included a two-factor authentication process for people to ensure the safety of their information. Likewise, this is a process that should be used by other organizations to ensure the safety of their customers’ personal information.

The advice to consumers remains the same as it would in any breach situation:

  • Change your account password and any associated passwords using a complex password manager
  • Monitor accounts for any suspicious activity and do not click on any links in emails purporting to be from the firm – instead go to your account online to check for messages
  • Ensure your devices are protected and all software is up-to-date
  • Where available, make use of two-factor authentication processes