Disney+ became available less than a week ago, yet thousands of hijacked accounts are already being offered for sale in cybercriminal marketplaces, and many users are reporting Disney+ account takeovers on social media, according to ZDNet (opens in new tab).
Yet it's not that Disney+ has been hacked. Far from it. Rather, it's likely that the bulk of the account takeovers stem from password reuse, i.e. account owners using passwords already used for other accounts. (You should never reuse a password.)
Disney could have spared itself this public-relations mess had it let its users set up two-factor authentication (2FA), which would make it much harder for crooks to hijack accounts even with correct passwords.
But Netflix doesn't offer 2FA either, and neither does Hulu, even though Amazon, Google, Facebook and dozens of other online services do. A cynic might wonder if that omission helps boost viewing audiences for streaming services by making it easier for friends and family members to share account passwords.
How to protect your Disney+ account
Until Disney changes its mind about 2FA, your Disney+ account is going to be a sitting duck for hackers.
If you get an email, social-media message or text message saying your Disney+ account is in danger, don't click any links in the message. Instead, open a new browser tab and manually log into Disney+ that way.
To help both keep track of your passwords and create strong new ones, you should be using one of the best password managers.