Disney+ Credentials Land in Dark Web Hours After Service Launch

  /     /     /  
Publicated : 23/11/2024   Category : security

Disney+ Credentials Land in Dark Web Hours After Service Launch


The credentials, priced from free to $11 per account, appear to be due to victims re-use of logins and passwords.


That didnt take long: stolen user accounts for the new Disney+ streaming service began appearing on Dark Web sites just hours after it went live on November 12.
ZDNet found some credentials for sale in the underground for $3 to $11 per account and others, for free, as attackers took advantage of users who share their accounts. Some victims were locked some out of their accounts entirely.
While no single mechanism for the credential theft has been identified, it seems that some victims re-used credentials from other sites — credentials that had previously been breached and posted on the Dark Web. Disney+ did not offer strong authentication options for its streaming service accounts.
What is missing from the Disney+ security service is multi-factor-authentication, says Jonathan Deveaux, head of enterprise data protection at comforte AG. MFA does not guarantee that only the authorized user is indeed accessing the service, but it does help slow down or reduce the likelihood of bad-actors gaining access with only user ID and password credentials.
Another factor is that some users opted for short or weak passwords for their accounts. If you have ever had to enter a complex password on a streaming app, you can see why someone would want to use something easy, says Lamar Bailey, senior director of security research at Tripwire. 
As of today, Disney+ officials had no comment.
For more, read
here
and
here
.
Check out 
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
How Medical Device Vendors Hold Healthcare Security for Ransom
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Disney+ Credentials Land in Dark Web Hours After Service Launch