Disney+ has been making headlines for days since its launch on November 12, quickly asserting its dominance in the TV streaming services realm as a notable player.
But, Better Business Bureau Northwest + Pacific knows that, where there are popular online product launches, scammers and hackers are sure to be lurking in the background. Consumers learned this in no time when scores of customers reported their Disney+ accounts had been hacked just days after the rollout.
Hackers commandeered user accounts, locking out owners, changing their credentials and, in most cases, started hawking those accounts for $3-11 apiece. Though Disney claims they take user security very seriously and that there is no indication of a breach, the number of customers locked out of their accounts is hard to ignore.
Experts in cyber security say this should come as no surprise – cybercriminals are aware of what’s new and what’s trendy. The issue should serve as reminder to all consumers that it is critical to set up strong passwords.
What’s not a strong password? Well, there’s a few to absolutely avoid.
A recent survey from UK’s National Cyber Security Centre found that “123456” is the internet’s most common and most vulnerable password. Some users tried a little harder, using “123456789,” but that’s not strong either – in fact, it’s used by 7.7 million accounts. Then of course there’s “password,” which 3 million people use.
This underlines the importance of creating unique, complex passwords for each of your accounts – even differentiating passwords between popular streaming services such as Netflix, Hulu and HBO.
Disney asserts that users’ accounts were compromised because many customers use the same email and login credentials across accounts, which were likely stolen in previous security breaches from other websites or at other companies. This is what hackers deem “credential stuffing.”
And, like most streaming services, Disney+ allows for password sharing. This means an account can be accessed from different devices in different locations, even at the same time. While this is a well-liked, convenient feature for friends and families, it could be exacerbating the problem.
Still, many Disney+ users reported being locked out despite the fact they’d set up unique passwords. To prevent this from happening to you, follow these BBB NW+P cybersecurity tips to stay secure:
- Change your passwords. Have a go-to password? Might be time to change it. With so many data breaches and hacks recently, go through each of your platforms to make sure you’re safe. It’s good practice to update passwords regularly.
- Use two-factor authentication. It may take an extra few seconds but adding this security measure could be the barrier between you and a hacker. Many services and platforms have an option for this, however Disney+ does not yet offer it.
- Use tools from Chrome. The Google product has a feature called Password Checkup which automatically checks all the saved passwords on your device and will send you alerts if your passwords have been exposed or compromised.