[Heads-Up] Scam Of The Week: Thousands Of Hacked Disney+ Accounts Are Already For Sale On Criminal Sites


Apart from me, guess who has been anticipating the Disney+ channel?

Right. The Bad Guys. I admit I'm a Marvel Universe fan, and could not wait for Disney+ to come out. The first thing I watched were the two episodes of the Mandalorian... promising!

Disney started their video streaming service this week in America, Canada and Holland. They also announced four more Marvel movies for 2020 which all will be available through Disney+. They signed up more than 10 million users in their first 24 hours.

However, there were quite a few "teething" problems and hidden in the flood of tech support tickets was a malicious unexpected problem.

Hackers didn't waste any time and have started hijacking Disney+ user accounts mere hours after the service launched. The speed at which hackers have mobilized to monetize Disney+ accounts is astounding. Accounts were put up for sale on hacking forums within hours after the service's launch.

DisneyPlus-1Many of these accounts are now being offered for free on hacking forums, or available for sale for prices varying from $3 to $11, a ZDNet investigation has discovered. Many users reported that hackers were accessing their accounts, logging them out of all devices, and then changing the account's email and password, effectively taking over the account and locking the previous owner out.

One Main Cause Of Hacked Accounts

Hacked users that were asked if they had re-used existing passwords (sheepishly) admitted that this was indeed the case. Yes, there were also incidents of machines compromised with key-loggers and there probably also have been simply automated attacks using known, hacked popular passwords.

Warn Your Users They Should Not Re-Use Any Passwords, And Especially Not Any Password They Use At The Office

Password re-use is a massive problem. Many of these are already hacked and available for credential-stuffing attacks. It's pretty much like taking candy from a baby at that point. 

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Bad guys are stealing brand new Disney+ accounts. They are doing this mostly by trying to get into accounts using known, hacked usernames and passwords. Many people use the same passwords for many or all their websites. This is very dangerous to do, because if one gets hacked, they all are. Remember to never use the same password for your personal sites, but never ever use any password you use in the office for other things on the internet! 

Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc.


PS: Here are 22 more fresh tips to share with your users from our recent National Cyber Security Awareness Month.

Free Password Exposure Test 

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords. And, a new survey from Dark Reading shows 44% of organizations say users pose the greatest threat to data security!

PET-imageKnowBe4’s Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users. Here's how it works: 

  • Checks to see if any of your organization's email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on the actual passwords
  • Just download the install, run it, get results in minutes!

Identify which users may be putting your organization at risk before the bad guys do.

Download Now

Don't like to click on redirected links? Cut & Paste this link in your browser:


Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews