With an estimated 10 million sign-ups during its debut last week and positive reviews for its marquee original Star Wars series The Mandalorian, Disney’s new Disney+ streaming service has been a resounding success. But making such a high-profile splash is apparently coming at a price. According to CNBC, thousands of consumer accounts are being hijacked and their login information is being shared illicitly online.
The report, published by ZDNet, alleges that hackers were able to breach usernames and passwords for the service within hours of launch and began distributing them for free or for a fee of $3 to $11—the economy of the black market making a one-time purchase cheaper than paying the standard $6.99 monthly for access to the Disney+ library.
The idea wasn’t to co-opt the accounts but to seize them entirely, using the login to change the email and password associated with the account and locking the consumer out.
A spokesperson for Disney told CNBC that they weren’t aware of any security breach. It’s possible that accounts from unrelated sites were compromised and hackers were able to cull from a database of existing passwords to see if consumers used them for their Disney+ account.
The best way to secure your account for Disney+ or any other service requiring a log-in is to use a unique password for each and avoid obvious parallels to the content. If you’re using “mickeymouse” as part of your login, don’t be shocked if you find yourself locked out of your account one day. Ideally, experts say, the service will eventually incorporate a multi-factor authentication process to make compromising logins—and watching Freaky Friday for free—more difficult.