If you've been keeping up with the news, the recent Disney+ mass hacking case shouldn't be a completely foreign topic.
Still, we think everyone could do with a little refresher course.
So, what happened?
For those who aren't familiar, Disney+ is the new media streaming service that Disney recently developed and launched.
It operates along similar lines to other subscription-based platforms such as Netflix, and everything seemed to be going smoothly at first. However, fans soon changed their tune about the service, and it wasn't really by choice.
As we've seen, cyber attacks have become more frequent than ever, with the DDoS server attacks on Overwatch and World of Warcraft still being talked about today. Well, it seems Disney+ was a prime target for hackers too, and it's no surprise since the database is filled with personal details and credit card credentials.
[[nid:468643]]
Cutting to the chase, Disney+'s database was hacked and thousands of accounts had their personal details leaked, although Disney denies that any of its security measures were compromised, and suggested that the hack was done via external means. Third-party spyware and malware are one possibility, but till today the true culprit has yet to raise its head.
That being said, how it was done wasn't as concerning as where the information ended up.
Now, rookies to the cyber-sphere might not know about what people refer to as the "Dark Web". As the term suggests, it's essentially a hidden repository for the Internet's most questionable material, and we'll just leave it at that.
Going back on topic, people found that their leaked account details were being put up for sale on the Dark Web for as little as US$3 (S$4), and naturally, no one was pleased about it.
Now, what did people have to say?
According to external commentary from cybersecurity researchers and white-hat hackers, this operation could have been pulled off simply because of one often underestimated habit; using the same credentials for multiple accounts.
After all, everything is easier to keep track of if they're the same, aren't they? Following that train of thought, the hackers probably just snagged the info and tried their luck on other accounts, including Disney+.
This practice has got a name too; credential stuffing, and it's an important reason why most websites insist on a unique password you're not using for other accounts. Doing so would make your accounts harder to hack into, although most people just brush it aside for the sake of convenience.
Anyway, all eyes are still on Disney at the moment, waiting to see how they'll handle this breach of security and probably, consumer trust too. Sure, it might not be that their security measures were inadequate, but this whole fiasco has got their name written on the envelope, and they'll need to come up with a solution - fast.
This article was first published in Hardware Zone.