Disney+ is a new streaming service that offers a lot of content from the Walt Disney Company. If your account is hacked, you could lose all of your data and access to all of your favorite Disney movies and TV shows. Here are some tips to help protect your Disney+ account from being hacked:
- Make sure you have strong passwords. Many people forget their passwords, so it’s important to remember them! A good password for Disney+ is “password” or something similar.
- Use two-factor authentication. Two-factor authentication helps protect your account if someone tries to login without having first used a second factor such as a phone number or email address. This can be done by adding an extra layer of security to your account settings, such as using a different email address for each login, setting up two-factor authentication on multiple devices, or using a secure browser extension like Google Authenticator.
- Keep track of yourDisney+.com passwords and other personal information. If you lose access to your Disney+ account, you may need to reset all of your passwords and personal information in order to regain access. Keep track of where you left off with these passwords in case something happens to you while you’re away from home or if something gets lost in the shuffle at work (like an important document).
- Use an online security service like McAfee or Norton Security for added protection against cybercrime and online threats overall. These services offer features such as malware removal and online privacy protection that can help keep your data safe from unauthorized access and theft
How Are Disney+ Accounts Being Hacked?
Disney told Variety it’s seen “no evidence of a security breach” on its servers and that only a “small percentage” of its over 10 million users have had their login details compromised and leaked.
But, if Disney’s servers haven’t been compromised, how are there thousands of hacked accounts?
Once again, the culprit appears to be password reuse. If you reuse the same password on multiple websites, your login details have probably already leaked from another site. Now, all a “hacker” has to do is take those already compromised login details and try them on other websites.
For example, let’s say you log in with “you@example.com” and the password “SuperSecurePassword” everywhere. Many websites have been breached in the past few years, so “you@example.com / SuperSecurePassword” is probably in one or more databases of leaked credentials. When Disney+ launches, you sign up with your usual email address and password. Hackers try leaked usernames and passwords on Disney+ and other services and gain entry.
We don’t know for sure that this is how those accounts were compromised, but that’s how accounts are generally compromised. Another possible culprit could be key-logging malware that runs in the background on people’s computers and captures their credentials. At any rate, those end-user security problems are the most likely cause—not a breach of Disney’s servers.
Password reuse is a serious problem online. A Google / Harris Poll survey from earlier in 2019 found that 52% of people use the same password for multiple accounts, and 13% reuse the same password everywhere. Only 35% of people polled say they use unique passwords everywhere.
RELATED: How Attackers Actually “Hack Accounts” Online and How to Protect Yourself
How to Protect Your Disney+ Account
Use a unique password for your Disney+ account—and all your other accounts online. It’s difficult (arguably impossible!) to remember so many strong, unique passwords. That’s why we recommend using a password manager. You remember one strong master password to unlock your secure password vault. Your password manager automatically creates strong passwords for your online accounts and fills them in for you.
Change your weak, reused passwords to strong, unique ones. Let a password manager do the work and save your mental energy.
We’re not pushing any particular password manager here. We like 1Password and LastPass. Dashlane has a nice interface. Bitwarden and KeePass are open-source. Your web browser even has a built-in password manager—while we recommend against using those built-in password managers, they’re better than nothing.
You can check whether your password has appeared in any known data breaches with a service like Have I Been Pwned? Password managers like 1Password and LastPass will also check if any passwords you’re using have been breached. Don’t have a false sense of security, though: Even if your password doesn’t appear in this database, it may still have been breached.
The usual online security tips apply, too: Be sure you’re running antimalware software on your Windows PC, keep your software up-to-date, and enable two-factor authentication for sensitive accounts like your email. That two-step security will help protect you even if someone captures your username and password.
RELATED: Why You Should Use a Password Manager, and How to Get Started
Disney Does Look For Suspicious Logins
Disney did also tell Variety that “when we find an attempted suspicious login, we proactively lock the associated user account and direct the user to select a new password.” If Disney is on top of things, those compromised Disney+ account details may not be a good value for criminals—even at just $3.
If you’re locked out, Disney says you should contact its customer service.
What Disney Should Do to Protect Its Users
While Disney+ is likely not at fault for these breaches, there’s definitely more Disney could do. Disney could offer two-step authentication, ensuring you have to provide an additional code—possibly one sent to your phone or generated by an app—before signing in.
Sure, this would protect people who reused passwords everywhere, but those people probably wouldn’t enable it. Two-step authentication is a great option we want to see everywhere, but it’s not a solution for everyone.
Beyond that, Disney could automatically search for leaked username and password combinations and proactively inform DIsney+ users, asking them to change their usernames and passwords. Netflix has done this in the past.
Ultimately, however, Disney+ isn’t alone here. Criminals are selling credentials for Netflix accounts on the dark web, too. Poor password security practices are a risk to many different online accounts. That’s why the tech industry keeps talking about killing passwords.
If you’re worried, sign up for a password manager (such as @LastPass or @1Password), generate a new (random) password, and CHANGE your password.
Also, go to https://t.co/wKe1GnPdqV and check your accounts.
— Justin Duino (@jaduino) November 19, 2019
RELATED: What is a “Dark Web Scan” and Should You Use One?