Advertisement
Tech by VICE

Tools For Breaking into Disney+ Accounts Have Been Online for Months

Hackers are selling Disney+ accounts on the dark web, but the tools to break into the accounts in the first place are already established.

by Joseph Cox
Nov 18 2019, 8:22pm

Image: Disney

Last week Disney launched its much anticipated streaming service Disney+, and hackers wasted no time breaking into Disney+ accounts and then selling them online, ZDNet and the BBC found.

But this should not come as a surprise. Motherboard found that, for months, hackers have been giving away so-called "configs"—files that control special software for breaking into accounts en masse—designed to crack Disney+.

"DISNEY+ CONFIG," one thread on a hacking forum focused on breaking into online accounts reads. The author created the thread and shared the config itself two months ago, according to the forum.

Hackers load a config into a tool such as Sentry, which churns through combinations of email addresses and passwords in the hope that a user has shared one password across multiple services. Configs exist for all sorts of online services that may be attractive to hackers, such as Uber or Netflix. Hackers will typically use the software in conjunction with proxies, which route their traffic through different points before arriving at the Disney+ login portal, so Disney doesn't block the hackers.

Do you work for Disney+? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Back when the Disney+ config creator published the file, the streaming service was only available in the Netherlands. The entrepreneurship wasn't lost on other users of the hacking forum.

"This is early n great share," one user wrote on a thread advertising the config at the time.

And since the Disney+ launch, hackers have paid more attention to the config.

"my mans this shit is sick af [as fuck]," one forum user responded on the thread on Sunday.

Within that last week other hackers also published their own configs to the same hacking forum.

Disney did not immediately respond to a request for comment.

Subscribe to our new cybersecurity podcast, CYBER.

This article originally appeared on VICE US.

Tagged:
Netflix
hackers
streaming
disney
Passwords
cracking passwords
two-factor authentication
Cracking
config