Disney+ has gotten off to a pretty rocky start. After a launch day plagued by technical failures and subscribers having difficulty trying to access content, the service appears to have stabilized just in time to have a potential cybersecurity issue on its hands. A number of Disney+ users have taken to social media to note issues with their accounts, which some have chalked up to a potential hack.
In many of the complaints, users are claiming that they are unable to access their Disney+ account and believe that hackers may be responsible. Some have claimed that the email address and password associated with their account has been changed, effectively locking them out. That leaves them unable to view any of the content that they are paying $6.99 per month for, and unable to remove the payment method on the account — meaning they may continue to get charged until the account is recovered and restored to the proper owner.
Disney has denied that its streaming service was in any way hacked. In a statement to Fortune, the a spokesperson for the company explained, "Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+." That may well be true, but that doesn't mean that individual accounts aren't being compromised. A report from ZDNet last week claimed that there are already thousands of Disney+ accounts being sold on hacking forums, going for anywhere from $3 to $11. Some of the accounts carry a higher value because many Disney+ subscribers have pre-paid for multiple years of the service.
More likely than a widespread hack of the Disney+ service is something more targeted. It's estimated that more than 10 million people signed up for the streaming platform on the day it launched. Odds are good that some of those people created an account that re-uses a password from another, unrelated account. When a username and password appears in a breach — and there has been no shortage of those in recent years — hackers will often test those credentials on other services to see if they can compromise a user's accounts across different platforms. Some of the victims of these apparent Disney+ account hacks may have be compromised this way. There's also the possibility that the victim's device has been hit with malware or other malicious software that may log keystrokes, recording their login information when they sign in to Disney+. Unless Disney confirms at some point that it suffered a breach that exposed usernames and passwords, it is more likely that people are being targeted on an individual basis. Given the popularity and the newness of Disney+, combined with the already significant technical issues that are likely keeping the team's engineers busy, it's likely that the platform's users are a ripe target for attackers right now.
If you are a Disney+ subscriber, make sure that you aren't using a password that you are also using for another service. You can use a service like Have I Been Pwned? to check if your email address has been exposed in any previous breaches. If it has, you might want to change passwords and consider a tool like a password manager. If your account is compromised, contact Disney+ via the dedicated help center, which claims to offer 24/7 support to customers.