The streaming service Disney + earned only last week but has already become the focus of scammers.
Although the launch of the service was overshadowed by major technical problems, and while Disney + works only in the United States, Canada, and the Netherlands, it has collected more than 10 million subscribers in the first day alone. Journalists from ZDNet found out that user accounts are already sold on the darknet at a price of $ 3 to $ 11 apiece, and sometimes even free.
Journalists write that for technical problems, few notice complaints from users on social networks who complain that they have lost control of their account. Victims say that hackers logged out of their accounts on all devices, and then changed their email address and password, effectively taking control and blocking the previous owner.
And although some victims admitted to reporters that they reused passwords, others said they did not and used unique credentials. This indicates that the attackers “steal” Disney + accounts not only with credentials leaked from other sites, but also with the help of keyloggers and other malware, which apparently infected the victims’ devices.
In addition, some hacker forums have also published free Disney + credential lists for account sharing, as the service allows this. User names and credentials in these cases are available in cleartext. Having contacted some of the defendants in these lists, the journalists found out that the credentials really belong to them and are still active.