Tech & Science : Thousands of Disney Plus accounts have already been hacked overseas. Now experts say one major security flaw could allow it to happen here. - - PressFrom - Australia
  •   
  •   

Tech & Science Thousands of Disney Plus accounts have already been hacked overseas. Now experts say one major security flaw could allow it to happen here.

05:47  20 november  2019
05:47  20 november  2019 Source:   businessinsider.com.au

The app for EU citizens applying to remain in the UK after Brexit has major security flaws which mean it can be easily hacked

  The app for EU citizens applying to remain in the UK after Brexit has major security flaws which mean it can be easily hacked The UK government's official smartphone app for EU citizens registering to remain in the country after Brexit has serious vulnerabilities which could be easily hacked to steal users' phone numbers, addresses, and passport details. Over one million EU citizens have downloaded the app, which allows them to submit photographs of their passports. A spokesperson for the3million, which campaigns for EU citizens' rights, said: 'For many EU citizens, trust in the Home Office is already very low and we fear that many concerned will not apply now.' Visit Insider's home page for more stories.

Hacked Disney + accounts are reportedly being sold for as little as . Thousands of Disney + user accounts have been stolen by hackers and put up for sale on the dark web A spokesperson for Disney told CNBC the company "takes the privacy and security of our users' data very seriously and

Hackers have gained access to thousands of Disney + user accounts , selling them for between Disney said in a statement that there is “no indication of a security breach on Disney +” and that it Disney + itself does not appear to have been hacked . Instead, Disney + customers’ credentials were

a close up of a toy: Thousands of Disney Plus accounts have reportedly been hacked. (Photo by Daniel Zuchnik, Getty Images) Thousands of Disney Plus accounts have reportedly been hacked. (Photo by Daniel Zuchnik, Getty Images)

After a hotly anticipated launch on Tuesday, Australia is now finally able to sign up and watch Disney Plus.

But with thousands of accounts stolen by hackers in the same week of its US launch, there's a possibility the same fate could befall Australians as hackers look to profit, security firm Sophos has warned.

"Excitement has been building for Disney+ and while it’s in limited release, people will seek out alternative means to use the platform, even if that includes using someone else’s password," senior security advisor John Shier told Business Insider Australia in an email.

2K's Social Media Accounts Have Been Hacked To Post Some Bad Stuff

  2K's Social Media Accounts Have Been Hacked To Post Some Bad Stuff Publisher 2K have suffered quite the security breach tonight, as pretty much every aspect of their social media presence, from Twitter to Facebook, have been hacked, with those responsible posting their own ramblings across the accounts. While 2K have now regained control over many of those accounts, some—like the company’s Facebook page—are still hosting the intrusive comments from earlier in the evening.

Many of these accounts are now being offered for free on hacking forums, or available Disney + has been open for like 10 hours and my account has already been hacked Disney + launch has been absolutely horrible. Their customer service is no help at all and apparently

Now , about a week later, hackers have already hijacked “ thousands ” of user accounts . The Disney premium streaming service has been wildly popular, but its launch was But buried in the deluge of user complaints were sporadic reports of Disney + customers being locked out of their own accounts .

"It also means that cybercriminals would likely take this opportunity to send out Disney+ phishing campaigns to the net as many victims as possible and cash in on the hype."

Many American subscribers have complained of being hacked online, lamenting that it took just days for accounts to be compromised.

Disney for its part has bizarrely maintained there has been no hack.

"Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a Disney spokesperson said.

Exactly how it's being done is also a matter of contention.

"Our experience suggests that this is likely the result of a credential stuffing attack, a phishing campaign against Disney+ users or the result of credential-stealing malware on users' devices," Shier said.

"Credential stuffing is when cybercriminals use leaked credentials from one website – which could already be for sale on the dark web – and try those same credentials on other online services. This breach is a prime example of the importance of having unique passwords across all of your online services."

Some users claim they have used unique passwords and been relatively diligent. One ran through the measures her friend had taken before losing her account.

An Android flaw lets apps secretly access people's cameras and upload the videos to an external server

  An Android flaw lets apps secretly access people's cameras and upload the videos to an external server A security flaw in Google'sAndroid lets malicious apps access users' camera and microphone to secretly record them and upload the videos to an external server. The flaw, uncovered by Checkmarx and reported by Ars Technica, also allowed hackers to track metadata like the GPS location where videos were recorded. Google has patched the flaw for its Pixel phones and Samsung has done the same for its devices, but other Android devices could still be vulnerable, according to Checkmarx. Visit Business Insider's homepage for more stories.

This Disney Plus hack has left thousands of subscribers without access to their accounts while attackers The first accounts stolen went up for sale within hours of the service’s launch. In any case, there is no indication of a security breach on Disney Plus servers, meaning hackers acquired

Thousands of Disney + Accounts Have Already Been Hacked : Many speculate its rocky launch was partly due to locked accounts . Thousands of Disney + Accounts Have Already Been Hacked . @disneyplus HUGE security issue- all Disney accounts are linked together so they have the same

"From what she told me, it was a unique password that wasn’t similar to any other website. Her log in was her email. She did not click on any phishing/suspicious emails. She noted that there is no 2-way verification which is an issue," she tweeted.

Shier agrees that the lack of verification tools is a major security shortcoming.

"Unfortunately, the Disney Plus platform does not appear to offer any kind of multi-factor authentication which would thwart these kinds of attacks against online services," he said. "All services, such as Disney Plus, should offer multi-factor authentication to ensure that passwords are protected and not the only means of defense.”

In the meantime, he said there were some major things Australians could do to safeguard themselves.

"Don’t reuse passwords, as old breaches can come back to haunt you when cybercriminals use passwords from past breaches [and] provide as little personally identifiable information online as possible," he said.


OnePlus suffers second major data breach in two years .
Late on Friday, OnePlus revealed that its systems were breached by an unauthorized third party individual or individuals and that a whole bunch of user information was exposed. Back in early 2018, OnePlus revealed that a data breach exposed the credit card details of some 40,000 of its customers. That breach happened in November of the previous year and included credit card numbers, security codes, and expiration dates. This latest breach appears to be somewhat less serious, but it’s nonetheless annoying for OnePlus users.

—   Share news in the SOC. Networks

Topical videos:

usr: 4
This is interesting!