What the Disney+ ‘hack’ should teach you about your own security

In this article:

Disney+ was launched on Nov. 12, and just a week later, security concerns emerged regarding users' accounts. According to an investigation by ZDNet, Disney+ (DIS) users have seen their accounts hijacked, and in some cases, have been completely locked out.

In a response to the controversy, a Disney spokesperson said that it doesn't appear as though there was a security breach made against Disney+. Still, thousands of accounts are for sale online, and some users have said their credentials have been changed, preventing them from accessing Disney+.

One theory as to why this all happened? Users breaking one of the most important rules of keeping safe online: reusing their usernames and passwords from other sites for Disney+.

FILE - In this Wednesday, Nov. 13, 2019 file photo, a Disney logo forms part of a menu for the Disney Plus movie and entertainment streaming service on a computer screen in Walpole, Mass. Disney Plus says it doesn’t have a security breach, but some users of the new streaming service have been shut out after hackers tried to break into their accounts.  (AP Photo/Steven Senne, File)
Some Disney+ users are seeing their accounts used by hackers who have sold their usernames and passwords online, according to reports. (AP Photo/Steven Senne, File)

What's the problem with reusing information?

We’re all guilty of reusing usernames and passwords. It’s a lot to remember when you’ve got logins for everything from your work computer to your email to messaging apps and banking apps.

But the problem with doing that is — if one of those accounts happens to be hacked, or you’ve got a piece of malware called a keylogger that’s able to collect your username and password from other sites — you’re putting yourself at risk of future security issues.

In the instance of Disney+, at least some customers may have been reusing their old usernames and passwords for their new accounts.

And if Disney+ customers recycled those same usernames and passwords on older sites that were hacked, they could be used to steal those new Disney+ accounts. The same could be true if Disney+ customers used usernames and passwords they accessed on devices infected with malware.

Even if you used a slightly different password, you’re still opening yourself up for potential attack.

It's worth pointing out that this issue isn't unique to Disney+. In fact, stolen Netflix (NFLX) usernames and passwords are available online and up for sale right now. Still, it’s surprising to see Disney+ passwords and usernames out there so quickly.

What to do to protect yourself

The most obvious way to keep your account safe online is not to reuse usernames and passwords. When putting together passwords, it’s also smart to use as many letters as possible, rather than a few letters and multiple numbers. That’s because there are more letters, 26, than numbers, 10, that can occupy a single character in a password. In other words, “TRPF” is going to be more secure than “5397.”

There are also apps available online that generate usernames and passwords for various sites you might want to log into, such as LastPass and 1Password.

If you're currently a Disney+ user and find yourself locked out of your account, your best bet is to reach out to customer support, which will provide you with information on how to either cancel or gain access to your account.

More from Dan:

Got a tip? Email Daniel Howley at [email protected] or [email protected], and follow him on Twitter at @DanielHowley.

Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, SmartNews, LinkedIn,YouTube, and reddit.

Advertisement