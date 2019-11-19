If you use the same password on multiple sites - YOU'RE the Dumbo

NOT CONTENT with utterly failing to prepare the infrastructure for its first day, streaming service Disney+ is now facing up to a hack which has seen thousands of customer credentials released on the web.

The service was a victim of account hijacking within hours of launch, with credentials for sale on the dark web at prices ranging from $3 to $11.

Given that a legitimate Disney+ subscription is $6.99/m and the chances of getting more than a month out of a stolen account before losing access again, the prices being offered seem a little on the steep side.

Users have complained of being unable to access their accounts after hackers got unauthorised access to them, then changed the passwords, effectively locking out the rightful account holders. This is commonly known as the "Yahoo Mail trick" because it is been happening to users of the webmail provider for years.

Social media has been awash with complaints from customers locked out, often after paying in advance for multi-year subscriptions. The problem is compounded because it is proving very difficult to raise anyone from Disney+ customer services, with some posters claiming to have been on hold for hours at a time.

Disney+ has said that no security breach has taken place, suggesting that the credentials have been the result of people using the same email/password combination as on other sites that have been hacking victims, and therefore the credentials were already in the public domain.

It's this aspect that might be driving the price up, as logically, the reverse will be true and these credentials could well be usable on other sites too.

The moral of the story is that sharing passwords between sites isn't a good idea. It may be a pain to remember all those passwords, but it really is the only way to stay safe. Best bet - use a password manager. μ