The dark tale of the Disney+ cyber attack
How 10 million subscribers’ private data was threatened by credential stuffing
From Aladdin to Frozen, Disney+ promised film lovers a streaming service like no other! But when 10 million users signed up to watch their favourite heroes and villains, they didn’t realise they would soon be watching a darker tale unfold as cyber criminals unexpectedly compromised their accounts.
As thousands of users were locked out of their account, social media exploded with panicked users worrying about their leaked passwords and compromised security. So what exactly happened when the eagerly anticipated streaming service launched in 2019?
Join us as we decode the details and explore more…
On 12 November 2019, the first day of Disney+ going live, users began complaining on social media that they were having technical issues and were locked out of their accounts.
Disney commented that they’d had an ‘overwhelming’ response and offered an apology. But still, the negative social posts poured in, with many users unable to access their account at all, while others watched their private details being changed.
Remember – even if an issue is resolved, once threads and posts appear online, they can remain for years, damaging a company’s reputation.
The global awareness and instant feedback from social media show just how fast bad news can spread – and why it’s crucial to keep on top of your security game!
How did it happen?
As with any cyber incident, several different theories started to circulate on how this might have happened. It’s worth noting that Disney+ have never released a statement that confirms exactly what occurred.
It’s assumed that hackers obtained a database of usernames and passwords from a previous security breach, then used a brute force attack to try those same credentials against Disney+ systems.
This method is called credential stuffing: a cyber criminal takes a list of user details stolen from one system and uses it to try to breach another. The attacker assumes that usernames and passwords may be the same across different sites and devices.
Disney signed up 10 million subscribers on the first day. Statistically, some of those users had likely been hacked before and had left their usernames/passwords the same.
What would be the role of a cyber security professional in this incident?
When looking at incidents similar to the Disney+ attack, a Security Operations Centre (SOC) Analyst could have played a significant role.
A SOC Analyst is someone who monitors and fights threats to an organisation’s infrastructure. They look for areas of weakness where a cyber criminal may take advantage.
If you were a SOC Analyst working on this new streaming service, you would have been thinking ahead to a future scenario where a credential stuffing attack took place. You would work on innovative ways that prevent, detect and monitor cyber attacks just like this one!
Think you could be a good SOC Analyst? Take our personality trait test to see which cyber security role would suit you best!
How can we prevent this kind of password disaster scenario?
An attack like this could have been prevented with multi-factor authentication (MFA). However, credential stuffing attacks will continue to happen if we don’t use a password manager when signing up to various subscription sites.
Password managers generate original, hard-to-crack passwords for your different accounts and save them, so you always have access and don’t need to remember each one. It’s crucial that the same usernames and passwords aren’t repeated across multiple sites.
Sadly, Disney+ is not the first service to encounter a credential stuffing cyber attack. Imagine if both users and subscription-based service providers were alert to the threats of cyber attacks and committed to preventing them through MFA and unique password creation: we’d be more likely to enjoy the films and entertainment we love without setting the scene for a hacking drama!
To experience and learn more about how cyber attacks just like this unfold, let’s take a look at one of the cases in CyberStart Game…
HQ L02 C10 - Useful Hack
The ‘Useful Hack’ brief requires you to log in to the website of a criminal gang called the Slootmaekers. We don’t have the specific username and password, but are aware that a popular social media site was recently hacked and many usernames and passwords from that site were stolen.
How do we find the login details? You’ll receive an email from Agent J which contains a data dump file. This file contains many usernames and passwords taken from the social media site hack. Investigate the data dump and see if any of the usernames and passwords let you log in to the criminal gang’s website.
This case shows you how easy it can be to obtain user data and exploit it to access further private information. By promoting proper login methods and password management to both organisations and users, we can hopefully prevent attacks like this in the future.
Whether you want to be at the forefront of a digital investigation or improve your digital skills to be aware of sophisticated cyber attacks just like this, CyberStart Game can help you progress with free learning games and challenges!