19.11.19

Disney+ accounts hacked – How to protect yourself



As users are losing access to their accounts by the dozens, we offer a few tips to help keep your streaming subscriptions safe

The long-awaited streaming service Disney+ was launched to the cheers of many. But it wasn’t without technical issues; in addition, within hours of the service going online many users were reporting that their accounts had been hijacked, writes ZDNet. The hacked accounts then started to appear on the dark web and were up for grabs for prices ranging from US$3-11, or even for free. To be sure, this account hijacking spree is not an isolated incident, and other popular streaming services have been battling such incidents for years.

Nevertheless, there are a few easy steps you can take to lower the chances of having to go through a similar ordeal in the future. The following advice should apply to a majority of widely used streaming services.

Fix your passwords
As basic as this recommendation may sound, a strong and unique password or passphrase can make a world of difference. Importantly, you should never recycle your password across various services or even use any variation of the same password or passphrase, as that can be easily guessed, too. Also, you may want to consider using a password manager to generate and store your passwords, which will require you to remember just one master password.

Another good precaution is to use a service such as Have I Been Pwned to check if any of your credentials may have been compromised in a past data breach. You can also sign up for notifications in case your login details show up in future breaches. Both Chrome and Firefox offer their own versions of password checkups.
Generally speaking, two-factor authentication (2FA) is an efficient way of bolstering your account security but, sadly, as of the time of writing many streaming services don’t offer this option.

Something smells phishy
Password-guessing isn’t the only technique that criminals leverage to hijack accounts. Bad actors often resort to social engineering and impersonate official channels of communication to hoodwink you into surrendering your personal data. Indeed, it may be safe to say that everyone from politicians to regular people has received a phishing email.

Although email service providers have ramped up their security measures and try to catch as many attempts as possible before they reach their targets, some wriggle through their nets from time to time. In these cases, you must rely on your wits – especially as many phishing attacks are no longer riddled with grammar mistakes and may overall look believable.

As a rule of thumb, you should never open any attachment or click on any link unless you are 100% sure that the message is authentic. If needed, contact the sender through other verified channels to make sure that they sent it. You can check out our earlier article that deals with phishing attacks in greater detail.

Prevent
Having healthy cybersecurity habits, taking a common-sense approach and using a reputable security solution will generally go a long way towards keeping you safe in the digital realm. In the words of Benjamin Franklin “An ounce of prevention is worth a pound of cure” – and that applies a thousand-fold for cybersecurity.