Hacked Disney+ Accounts For Sale, Disney Denies Data Breach

Despite the tech news website ZDNET finding Disney+ stolen subscriber accounts for sale on the “dark web” for as low as 2 and 3 dollars, Disney stands firm in denying there was any major data breach of the streaming service.

The subscription service hit over 10 million subscribers within the first day of launch on November 12th, exceeding all analyst expectations and caused some delays and outages for many people trying to watch. Some even went so far as to stay home on launch day. Users have complained that customer service has been next to impossible to reach to resolve their issues, with some waiting over an hour on the phone, and now the company is trying to do damage control amid rampant accusations of a data breach.

According to USA Today, Disney has stated these incidents being reported by subscribers being posted on social media are “most likely” happening “as a result of unauthorized individual re-using a customer’s email/password combination gathered during previous security incidents.” They also said if the system picks up any suspicious activity on any account, “We will lock their account and request a password reset,” strictly as a precaution. Not much of a comfort to the compromised account holders, and many are asking why there wasn’t a multi-step authentication for login to begin with.

The only consensus on why a better authentication process wasn’t used from the start is that experts seem to agree Disney didn’t want to seem any less convenient than their competitors. In our opinion having the service be a little less convenient to login is better than being taken by surprise and completely locked out with no access to support. Basically, we’d rather spend mere seconds to complete 2 steps up front, as opposed to a whole bunch of steps and lost HOURS when a hacker attempts access.

The secondary issue to this “reactive over proactive” password reset protocol is that the login data is the same for other Walt Disney Company systems, including DVC (Disney Vacation Club), and MyDisneyExperience (the app that includes features for park-goers like storing their tickets, and has the ability to plan with FastPasses and dining reservations). If you’ve registered for them with the same email and get locked out Disney+ due to unauthorized access attempts, the password change prompt will force change your login details across the board, causing a domino effect of frustration for account holders who just want to watch the newest episode of “The Mandalorian,” blockbusters like “Avatar” or “Avengers: Endgame,” the live-action “Lady and the Tramp,” or any of the other 600+ titles on the streaming service.

Since Disney is denying a mass data breach has occurred in the first place, there are no numbers for how many customers have been affected at this point.

Have you been locked out of your account? Have you been able to reach customer service? Were your issues resolved, and what were you told about the cause? Tell us in the comments and join Just Disney over on social media.