Disney+ data hits dark web, but Magic Kingdom claims no hack

If the "Pirates of the Caribbean" became part of the sequel to "Ralph Breaks the Internet," that would describe the plot line for the latest drama surrounding Disney's 18-day-old streaming service.

Disney+ launched amidst a flood of tech glitches, but now social media is on fire with reports of accounts being hacked and log-ins being sold on the dark web. Disney is pushing back against reports of a security breach on the platform.

A spokesperson for the company told FOX Business that no indications could be found pointing to a data hack: “We have found no evidence of a security breach. We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password.”

However, Twitter is rich with messages of claims of hacking.

News site ZDNet found stolen account usernames and passwords selling for $3 on underground hacking forums. Although Disney+ only costs $6.99 per month, many accounts are pre-paid annually at $69.99, so buyers of this information are literally getting a steal.

Disney said those hacks came before the launch of Disney+ and that its streaming service is secure: “We have seen a very small percentage of users in this situation and encourage any who are having issues to reach out to our customer support so we can help them.”

Some email and password combinations could have been reused by new Disney+ subscribers after they had previously been stolen from other online services. The company did not say how many subscribers have had security problems.

Kevin Mayer, the head of Disney’s direct-to-consumer and international division which oversees Disney+, pointed to heavy traffic on the platform, which could explain some user lockouts and technical issues: “We never had demand like we saw that day,” he said at Recode’s Code Media Conference Tuesday. “We ran into issues with the architecture,” he added, explaining that Amazon was not to blame for the customer service issues. “It was a coding issue and we are going to recode it,” he said, promising software updates in the coming weeks.

Suspicions of a breach at Disney+ is the latest occurrence in a series of hacks targeting sensitive data. Per intelligence-data website Risk Based Security, the first six months of 2019 saw 4,000 publicly disclosed breaches, exposing 4.1 billion records.

Dan Rayburn, a principal analyst at market research firm Frost and Sullivan, told FOX Business that there are a few defenses users can employ to protect their online data.

“It’s simple: You need a password that’s hard to recognize and that you haven’t used on other accounts. There is nothing Disney can do if users use a very simple password that can easily be guessed or that they’ve used already on other accounts on a public domain.”

Ticker Security Last Change Change %
DIS THE WALT DISNEY CO. 112.95 -0.94 -0.83%

Kelvin Coleman, executive director of the National Cyber Security Alliance, agreed.


“We tell people to ‘own it, secure it and protect it’ by using long and strong passwords or passphrases, implementing multi-factor authentication on any account it’s offered and to update the latest security software, web browser and operating systems,” Coleman said.

The NCSA works with the U.S. Department of Homeland Security.


The incident at Disney+ comes as it launches itself into a highly contested streaming war with competitors like Netflix, AppleTV+ and the soon-to-launch HBOMax.

Disney’s stock is up nearly 30 percent on the year and more than 33 percent year-to-date.