Did Disney get hacked?

The very same day Disney’s new streaming service went live, hackers began stealing Disney+ user accounts and selling them on the dark web for as little as $3. Many customers were locked out of their accounts and spent hours waiting on customer support.

But is Disney to blame? “Disney takes the privacy and security of our users’ data very seriously, and there is no indication of a security breach on Disney+,” a spokesman said.

It is very possible that Disney’s systems were not compromised. User accounts could have been stolen in other ways. 

One of the simplest explanations comes down to the reuse of passwords across different accounts. If user credentials were stolen or leaked in a separate incident, email and password combinations could be reused to gain access to Disney+ accounts. There is also the possibility that credentials could have been stolen from user devices using keylogging or spyware.

The incident highlights a couple issues with Disney’s security. First, the service does not offer two-factor authentication. If users had the option to add an additional layer of security beyond their password, this could have protected many accounts. Second, users reported that all their Disney accounts were linked. This led to major confusion as users scrambled to update passwords. Plus, getting locked out of Disney+ meant losing access to the store, recreation parks, and all Disney products.

If a brand new service like Disney+ can suffer a security breach so quickly, it’s more important than ever to set good habits online. In fact, CNN and USA Today both recommended getting Dashlane in the days following the Disney+ incident. Whether you were affected by the Disney+ hack or not, here are three tips to keep your personal information safe.

3 steps to keep your passwords off the dark web using Dashlane

1. Run a dark web scan
Dashlane’s Dark Web Monitoring scans the web for leaked personal data and sends you alerts so you can take action to protect your accounts.

Premium users have access to Dark Web Monitoring and if you sign up today with a new account, you’ll get free access for the next 30 days.

2. Update compromised or weak passwords
Visit Dashlane’s Identity Dashboard, where you’ll see which passwords need to be updated immediately and find tools to instantly improve your Password Health Score.

3. Use a different password for every account
That way, if someone gets the password to your Disney+ account, it stops there. They won’t be able to then access your bank account or email. You can use Dashlane’s Password Generator to create unique, complex passwords for every account.

And don’t worry about remembering these complicated passwords. Dashlane saves them for you and automatically logs you in wherever you’re using the internet—across all browsers and devices.