Disney+ faces challenges looking for a fairy tale ending

Back to Article
Back to Article

Disney+ faces challenges looking for a fairy tale ending

Image courtesy of Disney

Image courtesy of Disney

Image courtesy of Disney

David Heilman, North Campus Staff

Hang on for a minute...we're trying to find some more stories you might like.

Email This Story

Disney released their new streaming service on Nov. 12. Since then, the program has produced a series of problems for Disney, including customers having their accounts hacked and an overcrowding of servers.

According to an investigation by ZDNet, accounts were appearing on hacking forums available for sale within the first week of release. Some accounts, going for as little as $3, were up for sale within only a few hours of launch.

According to complaints, hackers were able to obtain their password and log into the account on a foreign device, They would then force log of all devices and change the password, locking the customer from their own account.

Many customers experiencing these problems claim they were on hold with customer support for hours. Those who failed to receive help took to Twitter in an attempt to get the company’s attention. “Can someone explain how my Disney+ account got hacked in under a week. I have a secure password on it, hope it’s not a breach,” Tweeted Nick Kicker (@NickKicker).

Lines for these customers were understandably tied up. Buried under the wave of complaints coming in from thousands of users, Disney failed to anticipate the high volume of users they would receive on release. Many customers signed up for the product expecting entertainment, only to receive error messages for the first few hours. According to Disney and the New York Times, these issues have since been resolved.

As those affected by the server problems subsided, Disney’s priority seemed to shift, and a public statement was made in regard to the hacked accounts. A statement to the Washington Post read as follows:

“Disney takes privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,”

Disney later stated in an interview with the New York Times that they believe the accounts being stolen came from customers reusing passwords that have been compromised by accounts from other companies.

Many experts are currently in agreement with Disney in this terms of the cause. When asked his opinion, Jonathan Deveaux, head of enterprise protection for Comforte AG, wrote, “If this is the case with the reports of hacked Disney+ accounts, then Disney did not do anything wrong per se, but they could elect to look at increasing their security posture by upgrading their authentication program.”

There continues to be no known evidence that the access hackers have to customers’ passwords are on the side of Disney; however, the finger is being put to Disney that they do not have any added measures of security for the users.

When asked by reporters at the New York Times, Troy Hunt, an Australian Security Investigator wrote in an email, “The Disney situation appears to be yet another credential stuffing attack where hackers exploit a combination of customers reusing passwords and the service provider not providing sufficient defenses to stop it.”

Currently Disney+ accounts only require a single username and password when logging onto a new device and only require a code from an email on the request to change a password. For a service as large as Disney+, more than the basics may be the only way to prevent further account theft.

Many experts are looking for Disney+ to incorporate Multi-factor authentication for logging on to new devices. Multi-factor authentication is a process in which the user enters a code sent to them either by text or email in order to log on to a new device.

Despite these shortcomings Disney Plus has seen a good deal of success. According to the service, the program brought in approximately 10 million subscribers within the first day of release.