You may or may not have heard by now that Disney's new streaming media service, Disney+, has been hacked. 

The service suffered a slew of technical problems at launch, and it seems at least some of those issues were due to attacks from parties compromising the service.

Security researchers have already found 4,000+ Disney+ accounts for sale on the Dark Web (the nether-regions of the internet.)  Why is this bad?  All Disney accounts are linked - meaning a breach of your Disney+ account may also mean your Disney.com account, Disney Store account and others may also be at risk.

Making matters even worse are Disney+ users who reused the same email and password for the service as they do other sites (email, bills, banking etc.)  Once an account is compromised and the credentials stolen, hackers can then (and usually do) try those same credentials on other popular sites hoping that the user is a member and used the same username/password.  If that's the case then they now have access to whatever that site is also.

Disney is being tight-lipped on the nature of the breach, as they should do.  It's also worth noting that it's *possible* that these accounts were compromised by using the method I described above...using credentials the hackers already had from other compromised websites and trying them on Disney+.

If you're a Disney+ subscriber I suggest changing your password to something unique (not used anywhere else!) and keeping a close eye on your personal information and other accounts for a few weeks. 

Always better to be safe than sorry.

Securely,

Patrick