Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/18/2019
05:35 PM
100%
0%

Disney+ Credentials Land in Dark Web Hours After Service Launch

The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.

That didn't take long: stolen user accounts for the new Disney+ streaming service began appearing on Dark Web sites just hours after it went live on November 12.

ZDNet found some credentials for sale in the underground for $3 to $11 per account and others, for free, as attackers took advantage of users who share their accounts. Some victims were locked some out of their accounts entirely.

While no single mechanism for the credential theft has been identified, it seems that some victims re-used credentials from other sites — credentials that had previously been breached and posted on the Dark Web. Disney+ did not offer strong authentication options for its streaming service accounts.

"What is missing from the Disney+ security service is multi-factor-authentication," says Jonathan Deveaux, head of enterprise data protection at comforte AG. "MFA does not guarantee that only the authorized user is indeed accessing the service, but it does help slow down or reduce the likelihood of bad-actors gaining access with only user ID and password credentials."

Another factor is that some users opted for short or weak passwords for their accounts. "If you have ever had to enter a complex password on a streaming app, you can see why someone would want to use something easy," says Lamar Bailey, senior director of security research at Tripwire. 

As of today, Disney+ officials had no comment.

For more, read here and here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How Medical Device Vendors Hold Healthcare Security for Ransom."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
11/18/2019 | 6:35:58 PM
MFA needs to be an option and overly present
Disney definitely needs to incorporate MFA. I also think that MFA options need to be more transparent. Some app providers do a good job of this and put up a splash screen as soon as you log into the app. It really doesn't take that much more time to utilize MFA.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19631
PUBLISHED: 2020-01-24
An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can ac...
CVE-2020-5219
PUBLISHED: 2020-01-24
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the appli...
CVE-2019-18900
PUBLISHED: 2020-01-24
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions p...
CVE-2020-7226
PUBLISHED: 2020-01-24
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
CVE-2012-6302
PUBLISHED: 2020-01-24
Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox.