from Hacker News

Disney+ Might Have a Notable Hacker Problem

by tumblen on 11/18/19, 6:27 PM with 30 comments

  • by dhagz on 11/18/19, 7:19 PM

    Extra fun tip I'm sort of nervous putting out there just because it's a potential attack vector: if you used the same email address as your existing MyDisneyExperience account, guess what? The password you set while registering for Disney+ is now the password for your MDE account - they were "merged" without notification (that I saw). So not only is your Disney+ account compromised, potentially the account you use to book vacations is as well.

    EDIT: I have "merged" in quotes because I am not sure if changing your D+ email changes it for your MDE account as well, or vice-versa.

  • by MaupitiBlue on 11/18/19, 6:52 PM

    With 10m moms and dads signing up, I'm going to guess this is largely due to password reuse from prior hacks. Christmas123.
  • by mjevans on 11/18/19, 6:53 PM

    The email change is particularly disturbing. A good security design would be to send the old email a notice of change request and give them a link that can always be used to undo that change (which might require the at the time older password as well).
  • by Starkus on 11/18/19, 7:10 PM

    Does anyone else still torrent?

    I rarely watch a tv show or a movie, but when I do I just torrent it. I've been doing this since Limewire (which was a lot of really shitty porn at the time).

    Showed my boys Princess Mononoke the other day - will show them the Mandalorian tonight, a buddy told me its pretty good