Whether or not you’ve signed up for Disney+, it may be a good idea to change your password, especially if your password is Disney-related.
Just within a few hours of the launch of the Disney+, a number of accounts were hacked with users being locked out of their accounts. ZDNet reports that stolen accounts were being sold from $3 to $11 and some being offered for free. Since Disney+ does technically allow password sharing, so multiple devices are able to easily access one account.
Disney denied any security breach and confirms that their system was secure during the time when users were being locked out. This could only suggest that the stolen accounts could be attributed to using, or reusing, weak, common passwords.
Firefox mentions in a blog post that common targets for hackers are accounts that have been previously been compromised. It’s a common practice among many people to use the same username and password combination for multiple accounts which makes it easy for hackers as they can use the stolen data from before to filter out accounts who use Disney-related keywords.
Furthermore, HaveIBeenPwned.com, a website that records and collects data regarding compromised accounts, shows that the names of Disney princesses were among the most common passwords used, with Aladdin’s princess, “jasmine” being the most popular with almost 200,000 hits. The other princess names, while not as common as Jasmine, were still widely used with “moana” having the least uses at under 1000 hits.
Commonly used Disney-themed passwords aren’t just exclusively princess names. Firefox has also shared a number of generic, Disney-themed words that are being commonly used. For instance, the word “princess” has been used as a password a little over 480,000 times, while “starwars” was used 175,762 times. Other common passwords include “lionking“, “peterpan”, and even “disney”.
Disney+ currently has ongoing promos with companies like Google that provide free or discounted subscriptions. If you do decide to sign up, it’s best to use a unique password. It’s also worth noting that Disney+ currently has no added security measures, such as multi-factor authentication.