See the source image

Have you signed up for Disney+ yet?  With more than 10 million enrollments in its first day, and a projected 60-90 million subscribers by the year 2024, chances are that you either have or will very soon.  The highly anticipated roll out of Disney+ has been years in the making. However, within hours of the launch, the platform had already been “hacked,” and login credentials were found online.  

Have you signed up for Disney+ yet?  With more than 10 million enrollments in its first day, and a projected 60-90 million subscribers by the year 2024, chances are that you either have or will very soon.  The highly anticipated roll out of Disney+ has been years in the making. However, within hours of the launch, the platform had already been “hacked,” and login credentials were found online.  

How could this happen to a powerhouse like Disney, and how did it happen so fast?  When asked those questions, Disney stated that there had been no breach. Instead, the “hackers” were using a technique called “credential stuffing.” This means that they took previously stolen login credentials from previous breaches and assumed that some of the login credentials would be the same.  With the Facebook breach exposing 50 million user accounts, even a small percentage of matches would yield an endless amount of Disney+ login credentials to be posted.  

We all know what we should do to protect our data.  Don’t use the same password for all your sites. Make your password “strong” and incorporate uppercase letters, numbers, and special symbols.  But let’s be honest: it is common for people to use the same two or three usernames and recycle the same three or four passwords. And while we continue to do this, we need to accept that “credential stuffing” is something that could easily happen to us.  While someone accessing your Disney+ account doesn’t seem life-changing, it is possible they are using the same valid credentials to access other sites or accounts, like your banking or business sites.