Disney+ has only been available for a couple of weeks, but users have already had their accounts and passwords leaked on the dark web.
The new streaming service proved to be hugely popular when it was launched on November 12, with Disney+ racking up more than 10 million customers in its first 24 hours.
The platform costs $7 a month or $70 a year for subscribers, but it seems some users have ended up paying for other people as their login information has already been stolen.
News site ZDNet conducted an investigation into hacking forums that have started sharing account details, and found some logins are being shared for free while others are being sold for prices ranging from $3 to $11.
Disney+ was reportedly bogged down with technical issues following its launch earlier this month, so while some users were praising the wide variety of content and settling down to watch their favourite Disney films, others were reporting problems.
Some users were unable to stream movies and shows, while others complained about losing access to their accounts.
The investigating publication found users reported hackers were accessing their accounts before logging them out of all devices and changing the account’s email address and password.
As a result, the account is completely taken over, leaving the previous owner locked out.
ZDen spoke to affected users and found it didn’t matter whether customers had reused old passwords or come up with new ones – hackers were still able to get through the login stage.
This suggests hackers may have gained access to accounts by using email addresses and passwords leaked at other sites, or they stole information from customers who had been bugged with keylogging or information-stealing malware.
Disney has said there’s no indication of a security breach compromising passwords, CBS reports, though a number of Twitter users have been sharing complaints about the issue.
One person commented:
Not even been half of a week and my dad’s Disney+ account has ALREADY been hacked. Great security there @disneyplus @Disney. Unbelievable.
Another user tweeted:
Be careful @disneyplus users. Our account was hacked. Email and password changed. No notification from Disney+ at all. Awesome. Thanks. Now we’re waiting to talk to them and hold time is over an hour.
Disney added it takes the privacy and security of users’ data seriously, though it’s not clear whether it will make changes to the security of the streaming service to help prevent hackers.