Disney said on Tuesday that its new streaming service was secure, denying there was a breach after a report that some users were locked out after hackers tried to break into their accounts.
The news site ZDNet found stolen usernames and passwords for accounts selling for $3 on underground hacking forums. Disney's Disney+ streaming service costs $7 a month or $70 a year. According to a person familiar with the leak, "tens of thousands" of users were affected.
Disney+ comes as Disney and other traditional media companies try to take customers away from Netflix and other streaming providers. Disney hopes to attract millions of subscribers with its mix of Marvel and Star Wars movies and shows, classic cartoons and new series.
Backed by promotions, including a free year for some Verizon customers, Disney+ attracted 10 million subscribers. The popularity led to problems in working hours, but these were largely resolved.
Disney says there are no signs of security breaches compromising passwords. It says it takes the privacy and security of user data seriously. Disney+ did not say how many subscribers had security issues.
The hackers may have used malware or keylogger software that records keystrokes to gain access to weak passwords. It also appears that some email and password combinations have been reused by Disney+ subscribers after being stolen from other online services.
Paul Rohmeyer, a professor at Stevens Institute of Technology in Hoboken, NJ, said he was surprised that streaming services had not yet implemented good security such as multifactor authentication, where users need to enter a code sent as a text message or email when logging in from a new device. The code helps to ensure that people who use stolen passwords or know them cannot use the service without access to the legitimate user's phone or email account.
Rohmeyer stated that services may hesitate to introduce stricter security because they do not want to be viewed as more inconvenient than competitors.
Multi-factor authentication is an option for many non-streaming services, including Google, Facebook and Apple, but the additional security must be turned on. Disney+ requires codes sent via email when changing account passwords, but does not use codes to sign in from new devices.
CNET senior producer Dan Patterson contributed to this report.