
Thousands of Disney Plus accounts have already been hacked overseas. Now experts say one major security flaw could allow it to happen here.

05:47 20 November 2019 Source: businessinsider.com.au


Thousands of Disney Plus accounts have reportedly been hacked. (Photo by Daniel Zuchnik, Getty Images)

After a hotly anticipated launch on Tuesday, Australians are now finally able to sign up and watch Disney Plus.

But with thousands of accounts stolen by hackers in the same week as its US launch, there's a possibility the same fate could befall Australians as hackers look to profit, security firm Sophos has warned.

"Excitement has been building for Disney+ and while it’s in limited release, people will seek out alternative means to use the platform, even if that includes using someone else’s password," senior security advisor John Shier told Business Insider Australia in an email.

"It also means that cybercriminals would likely take this opportunity to send out Disney+ phishing campaigns to net as many victims as possible and cash in on the hype."

Many American subscribers have complained of being hacked online, lamenting that it took just days for accounts to be compromised.

Disney, for its part, has bizarrely maintained there has been no hack.

"Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a Disney spokesperson said.

Exactly how it's being done is also a matter of contention.

"Our experience suggests that this is likely the result of a credential stuffing attack, a phishing campaign against Disney+ users or the result of credential-stealing malware on users' devices," Shier said.

"Credential stuffing is when cybercriminals use leaked credentials from one website – which could already be for sale on the dark web – and try those same credentials on other online services. This breach is a prime example of the importance of having unique passwords across all of your online services."

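Credential stuffing as Shier describes it leaves a recognisable shape in a service's login records: one source tries many different accounts once or twice each, and almost all attempts fail. The sketch below is an added example, not code from the article, Sophos or Disney; the event tuples, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed login events: (source_ip, username, login_succeeded).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    [("203.0.113.7", u, False) for u in ("ann", "raj", "mei", "tom", "zoe")]
    + [("203.0.113.7", "frank", True)]          # a reused password that worked
    + [("198.51.100.20", "alice", False)] * 8   # one account hammered repeatedly
    + [("192.0.2.15", "bob", False), ("192.0.2.15", "bob", True)]  # typo, then success
)


def classify_sources(events, min_accounts=5, max_tries_per_account=2,
                     min_failure_ratio=0.8, brute_force_tries=5):
    """Label each source IP by the shape of its login attempts.

    The thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(lambda: defaultdict(list))
    for ip, user, ok in events:
        per_ip[ip][user].append(ok)

    verdicts = {}
    for ip, users in per_ip.items():
        attempts = sum(len(r) for r in users.values())
        failures = sum(r.count(False) for r in users.values())
        ratio = failures / attempts
        most_tries = max(len(r) for r in users.values())
        # Stuffing: many accounts, a try or two each, nearly all failing.
        if (len(users) >= min_accounts and most_tries <= max_tries_per_account
                and ratio >= min_failure_ratio):
            verdicts[ip] = "credential-stuffing"
        # Brute force: many guesses against the same account.
        elif most_tries >= brute_force_tries and ratio >= min_failure_ratio:
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "normal"
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts a stuffing source logged in to: the password is known elsewhere."""
    return sorted({user for ip, user, ok in events
                   if ok and verdicts.get(ip) == "credential-stuffing"})


if __name__ == "__main__":
    found = classify_sources(EVENTS)
    print(found, accounts_to_reset(EVENTS, found))
```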
Some users claim they have used unique passwords and been relatively diligent. One ran through the measures her friend had taken before losing her account.


"From what she told me, it was a unique password that wasn’t similar to any other website. Her log in was her email. She did not click on any phishing/suspicious emails. She noted that there is no 2-way verification which is an issue," she tweeted.

Shier agrees that the lack of verification tools is a major security shortcoming.

"Unfortunately, the Disney Plus platform does not appear to offer any kind of multi-factor authentication which would thwart these kinds of attacks against online services," he said. "All services, such as Disney Plus, should offer multi-factor authentication to ensure that passwords are protected and not the only means of defense."

In the meantime, he said there were some major things Australians could do to safeguard themselves.

"Don’t reuse passwords, as old breaches can come back to haunt you when cybercriminals use passwords from past breaches [and] provide as little personally identifiable information online as possible," he said.

