According to numerous reports, a number of hacked Disney+ accounts have been popping up over the web lately. And those breaking into your account aren’t taking advantage of some crazy vulnerability in the streaming service. They’re either phishing your account data or, worse, logging in as you by using credentials that have already been exposed in another password breach elsewhere.
In other words, if you’re using the same password for Disney+ that you use for other services, and one of those is hacked, you’ve just put your entire Disney account in jeopardy: Disney parks, streaming services, and all.
https://twitter.com/a/status/1194345388741779456
@disneyplus HUGE security issue- all Disney accounts are linked together so they have the same password. This means a hack on one is a hack on all. Spending the morning on the phone with Disney Vacation Club. Got access back to DVC and https://t.co/v9x89JdYtW but not Disney+ 🙁
— Alicia (@aliciasaurus3) November 17, 2019
It’s a bit strange that Disney has allowed its fans to link all of their services together like this, although it makes sense from a technical standpoint. It’s not like you have a separate password for Google Play, Google Drive, and your Gmail, after all. What doesn’t make any sense at all is why Disney has no means for letting a person add extra security to their accounts via two-factor authentication.
At least, if I’m planning a trip, making purchases, and watching movies online, I’d like to be able to prevent unauthorised access to my single and only account by forcing would-be attackers to enter a special code that requires physical access to my phone to obtain. That’s hardly Mickey Mouse-level magic; it’s just good account security.
In the meantime, if you’ve already signed up for Disney+, I recommend changing your password to something you don’t use anywhere else and using one of the many amazing password managers available today to keep track of that (and all the other unique passwords you use). That way, it should be pretty difficult for another person to learn of your password unless they sucker you into typing it into a website or service that is not actually Disney+.
You should also be able to sign up for Disney+ using a variant of your real email address (like yourrealaddress+disney@gmail.com), which will keep it from being tied to your other Disney services, but this measure seems a bit extreme. You never know what Disney might unveil at some future point that could give you some kind of benefit for tying all of your Disney services under a single account. (I’m just speculating.)
Give yourself a unique password, hope Disney gets its act together regarding two-factor authentication, and that should be all you need to do to stay safe with Disney+ (for now).