Tech & Science Thousands of Disney Plus accounts have already been hacked overseas. Now experts say one major security flaw could allow it to happen here.
How Disney's Imagineering Story Gives Incredible Insight To The World Behind The House Of Mouse
Disney is a famously secretive company. It’s so secretive, in fact, that some of its biggest mysteries have elevated into legend. Have you heard there’s a basketball court inside the Matterhorn ride? Are there really full cities underneath the theme parks? In the Disney+ show The Imagineering Story, many of those legends will finally be revealed and we have filmmaker Leslie Iwerks to thank. Iwerks is the main force behind the new six-episode series, which debuts when Disney+ launches next week.
After a hotly anticipated launch on Tuesday, Australia is now finally able to sign up and watch Disney Plus.
But with thousands of accounts stolen by hackers in the same week of its US launch, there's a possibility the same fate could befall Australians as hackers look to profit, security firm Sophos has warned.
"Excitement has been building for Disney+ and while it’s in limited release, people will seek out alternative means to use the platform, even if that includes using someone else’s password," senior security advisor John Shier told Business Insider Australia in an email.
Star Wars' Rey's Rise of Skywalker journey will be "fun" for fans, says Daisy Ridley
"The whole of Star Wars is about good and evil."Star Wars: The Rise of Skywalker threw a massive curveball at fans in its second trailer after seemingly showing a Dark Side version of Rey.
"It also means that cybercriminals would likely take this opportunity to send out Disney+ phishing campaigns to the net as many victims as possible and cash in on the hype."
Many American subscribers have complained of being hacked online, lamenting that it took just days for accounts to be compromised.
Not even been half of a week and my dad’s Disney+ account has ALREADY been hacked.
Great security there @disneyplus @Disney. Unbelievable. #DisneyPlus
— Jesse (@CommandrBlitzer) November 15, 2019
#distwitter has anyone’s @disneyplus account been hacked? My friend’s was; hackers changed email and password. Now she’s completely blocked from her 3-year prepaid Disney+ account. She’s been on hold for >2 hours
— cat+dog=happyhome (@Travel4vr) November 12, 2019
2K's Social Media Accounts Have Been Hacked To Post Some Bad Stuff
Publisher 2K have suffered quite the security breach tonight, as pretty much every aspect of their social media presence, from Twitter to Facebook, have been hacked, with those responsible posting their own ramblings across the accounts. While 2K have now regained control over many of those accounts, some—like the company’s Facebook page—are still hosting the intrusive comments from earlier in the evening.
Disney for its part has bizarrely maintained there has been no hack.
"Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a Disney spokesperson said.
Exactly how it's being done is also a matter of contention.
"Our experience suggests that this is likely the result of a credential stuffing attack, a phishing campaign against Disney+ users or the result of credential-stealing malware on users' devices," Shier said.
"Credential stuffing is when cybercriminals use leaked credentials from one website – which could already be for sale on the dark web – and try those same credentials on other online services. This breach is a prime example of the importance of having unique passwords across all of your online services."
Some users claim they have used unique passwords and been relatively diligent. One ran through the measures her friend had taken before losing her account.
An Android flaw lets apps secretly access people's cameras and upload the videos to an external server
A security flaw in Google'sAndroid lets malicious apps access users' camera and microphone to secretly record them and upload the videos to an external server. The flaw, uncovered by Checkmarx and reported by Ars Technica, also allowed hackers to track metadata like the GPS location where videos were recorded. Google has patched the flaw for its Pixel phones and Samsung has done the same for its devices, but other Android devices could still be vulnerable, according to Checkmarx. Visit Business Insider's homepage for more stories.
"From what she told me, it was a unique password that wasn’t similar to any other website. Her log in was her email. She did not click on any phishing/suspicious emails. She noted that there is no 2-way verification which is an issue," she tweeted.
From what she told me, it was a unique password that wasn’t similar to any other website. Her log in was her email. She did not click on any phishing/suspicious emails. She noted that there is no 2-way verification which is an issue
— cat+dog=happyhome (@Travel4vr) November 17, 2019
Shier agrees that the lack of verification tools is a major security shortcoming.
"Unfortunately, the Disney Plus platform does not appear to offer any kind of multi-factor authentication which would thwart these kinds of attacks against online services," he said. "All services, such as Disney Plus, should offer multi-factor authentication to ensure that passwords are protected and not the only means of defense.”
In the meantime, he said there were some major things Australians could do to safeguard themselves.
"Don’t reuse passwords, as old breaches can come back to haunt you when cybercriminals use passwords from past breaches [and] provide as little personally identifiable information online as possible," he said.
Pompeo refuses to say what he and Giuliani talked about in newly disclosed calls .
The State Department released emails Friday showing that Pompeo and Giuliani spoke by phone twice in late March.Rep. Mark Meadows, R-N.C., is seen in the audience during the House Intelligence Committee hearing, on Nov. 21.
The National for Monday, Nov. 18 — Hong Kong’s prolonged standoff; Cancer rate up in young Canadians
Welcome to The National, the flagship nightly newscast of CBC News »»» Subscribe to The National to watch more videos here: ...
The Escape Key Returns - This is Only a Test 526 - 11/14/19
This week, we discuss the launch of Disney+ and the first episode of The Mandalorian (no big spoilers!), Apple's 16-inch MacBook Pro details, and the logistics ...