Disney+, the on-demand video streaming service, has suffered a recent data breach affecting almost 4,000 user accounts. The breach, which has until now gone unreported, allows anyone to access the compromised users’ accounts. This was first detected by the research team here at VPNBrains on 13th October, 2022, after the user account details were found for sale on the dark web.
What data has been stolen or compromised?
On October 13th, 3,830 Disney+ premium accounts were posted on the dark web site BreachedForums, including emails and passwords. Our research team was able to verify that the account details were genuine.
In addition to the emails and passwords of premium accounts, each user record also contains the country, plan, service provider, and renewal date.
Where is the data being offered for sale?
The most alarming thing about this data breach is anyone can access this data free of charge by joining the relevant forum on the dark web. At time of writing, the file has been downloaded 83 times.
What has Disney+ said about this breach so far?
Disney has remained silent on the subject, with no official statement given so far.
In the past, when account information was leaked, Disney reported there was no security breach that would put user credentials at risk. Like the 2019 leak, it’s likely that this leak was due to users reusing old username and password combinations that were compromised on other sites rather than bad actors hacking into Disney+ servers.
Disney+ does not use two-factor authentication, which puts users at long-term risk for future data leak incidents.
What should Disney+ users do to protect their personal data?
Users should immediately change their Disney+ passwords, as well as any other account that used that password.
In the future, to avoid these dangerous events, users should rely on randomly generated passwords. Additionally, it’s best practice to avoid reusing passwords. Finally, users should update passwords frequently. Not all data breaches are reported, so it’s impossible to know every time you’re at risk.
A password manager is a great tool to keep these passwords straight and up-to-date.
About Disney+
Disney+ is a production company that offers both exclusive and non-exclusive on-demand video to its users, including Disney, Marvel, Pixar, and Nat Geo movies and TV shows. As of Q3 in 2022, it has over 150 million users. Disney+ is owned and operated by the Media and Entertainment Distribution division of The Walt Disney Company
