Thousands of Disney + accounts are already sold on the darknet

The streaming service Disney + earned only last week, but has already become the focus of scam. Thousands of Disney + accounts have already been sold on the darknet.

Although the launch of the service was overshadowed by major technical problems, and while Disney + works only in the USA, Canada and the Netherlands, it has collected more than 10 million subscribers in the first day alone.

“Hidden in the flood of complaints about technical issues, a smaller stream of users reported losing access to their accounts”, — write ZDNet reporters.

The ZDNet publication found out that user accounts are already sold on the darknet at a price of $ 3 to $ 11 apiece, and sometimes even free.

Victims say that hackers logged out of their accounts on all devices, and then changed their email address and password, effectively taking control and blocking the previous owner.

“The speed at which hackers have mobilized to monetize Disney+ accounts is astounding. Accounts were put up for sale on hacking forums within hours after the service’s launch.”, —wonder ZDNet reporters.

Although some victims admitted to reporters that they reused passwords, others said they did not and used unique credentials. This indicates that the attackers “steal” Disney + accounts not only with credentials leaked from other sites, but also with the help of keyloggers and other malware, which apparently infected victims’ devices.

Read also: US company discovered a hack when an attacker spent all the disk space on the server

According to the publication, the darknet already sells access to thousands of Disney + accounts.

“Disney + launch has been absolutely horrible. Their customer service is no help at all and apparently hundreds of accounts were hacked and sold online. My account got hacked & email/password changed, thankfully I cancelled my subscription before the hack”, — writes on Twiter Harry (@Harry8__) user.

In addition, some hacker forums have also published free Disney + credential lists for account sharing, as the service allows this. User names and credentials in these cases are available in clear text. Having contacted some of the defendants in these lists, the journalists found out that the credentials really belong to them and are still active.