Disney castle at night

Disney+ besieged by hackers, crooks and eager VPN users

Image credit: Dreamstime

Disney is already being challenged by hackers and VPN users, following the long-awaited launch of the entertainment behemoth's own streaming service.

Disney first hinted at its own streaming service in 2018. The service, called 'Disney+', allows customers to stream a wide range of films and television series produced by Disney and its associated studios - including Pixar, Marvel Studios, Lucasfilm and 20th Century Fox - for $7 per month or $70 per year.

Disney+ was finally launched on 12 November 2019 in Canada, the US and the Netherlands, gaining 10 million subscribers in its first 24 hours. Disney blamed this enormous, apparently unexpected demand for a mass of technical issues experienced soon after launch. The service was extended to Puerto Rico, Australia and New Zealand a few days later. The global rollout is anticipated to continue throughout 2020 and 2021, complicated by existing streaming deals already in place with competing services such as Amazon Prime and Netflix. Disney+ is expected to arrive in the UK, Ireland, France, Germany, Spain, Italy and Sweden by the end of March 2020.

Impatient users outside the select countries which already have access to Disney+ have been seeking means of sneaking around the restrictions, with some hackers and VPN service providers eager to meet this demand.

Last week, ZDNet reported that thousands of Disney+ accounts had already been hacked. Several users had complained on Twitter that hackers were accessing their accounts, then logging out of all devices before changing sign-in details and taking control of the account. The appeal for hackers is that many new Disney+ users may have already paid in full for up to three years' worth of membership, making such accounts a lucrative target.

Furthermore, underground shopping sites on the dark web have quickly filled with stolen accounts being offered for sale for as low as $3. While hacked streaming service accounts are frequently found on these websites, the speed with which Disney+ accounts have been snatched and flogged is startling.

Disney later told Variety that it had not suffered a security breach, effectively laying the blame with the hacking victims, some of which had reused existing passwords. A security breach affecting a different site could compromise a user’s Disney+ account if they used the same password and email address for the two accounts. Also, the temptation of many users to choose a popular Disney character - such as any one of the much-loved princess characters enjoyed down the years - as the basis for their password is another potential security weakness for enterprising hackers to exploit.

Meanwhile, several VPN providers have been promoting their services as a means of accessing Disney+ from outside the six countries in which it has already been launched. A quick search-engine query is already bringing up sponsored results from VPN providers such as Surfshark, ExpressVPN and CyberGhost, all prominently advertising their service as a way of accessing Disney+. A VPN extends a private network, allowing users to access the internet while effectively appearing to be based elsewhere.

Last week, Google Trends reported that the number of search queries based around how to watch Disney+ from the UK has skyrocketed since the service launched.

According to Screen Binge, Disney has been taking action against tech-savvy customers in the UK and other countries by blocking foreign accounts found to be using VPNs. These users have been facing ‘Error Code 73’, indicating Disney has detected that the user is trying to access the service from a region in which it is not legally permissible, or through a VPN. Many of the most popular VPNs have now been blocked, with the quiet battle between Disney and VPN providers ongoing.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles