I preordered my Disney+ account to beat the mad dash to stream old Disney favorites like “Cinderella” and new add-ons like the highly anticipated new Star Wars series, “The Mandalorian.”
But when I tried to log in on launch day, I couldn’t access a single Disney film or show. When I was finally able to access the streaming service the next day, I could barely get through an episode of “The Mandalorian” without excessive buffering, screen freezing, and pixilation.
According to Disney, its new streaming service — with access to almost every Disney and Star Wars movie ever made, along with the entire Marvel Cinematic Universe (MCU) — crashed on the first day due to an “error” in code.
Then, hackers stole millions of Disney customers’ usernames and passwords to sell on the dark web for as little as $3.
In the spirit of Queen Elsa from Disney’s popular animated film “Frozen” (whose sequel will debut in time for Thanksgiving) should Disney fans just “let it go”?
Maybe if Disney would own up to the flub. But the multibillion-dollar media company wouldn’t even acknowledge the hack even as it tried to play down the site crash — and now consumers are left wondering whether their accounts or sensitive information has been compromised.
Disney’s chairman of direct-to-consumer, Kevin Mayer, said at Recode’s Code Media Conference that Disney wasn’t expecting such huge demand for the streaming service. Its software simply couldn’t handle millions of consumers trying to access the treasure trove of Disney classics and the Star Wars content.
“It was a coding issue and we are going to recode it,” Mayer said.
Really? Disney couldn’t anticipate demand and attributed it to a coding error? Since when has the biggest media company in the world ever failed to anticipate demand?
Isn’t this the same company that bought Marvel Studios in 2009 after the blockbuster success of “Iron Man” (2008) and turned the MCU into the highest-grossing film franchise of all time, raking in more than $22 billion at the box office globally?
And it’s not like streaming technology is new. Amazon launched its Prime Video streaming service in 2006, followed by Netflix and Hulu in 2010. Disney is a bigger company than all three of its streaming competitors, with considerably more media expertise.
In response to multiple news reports about the Disney+ hack, a Disney spokesperson told CNBC that Disney “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.”
The dark web begs to differ.
Thousands of Disney+ users took to Twitter and Reddit to complain about how they couldn’t access their accounts due to the breach.
“has anyone’s @disneyplus account been hacked? My friend’s was; hackers changed email and password. Now she’s completely blocked from her 3-year prepaid Disney+ account. She’s been on hold for >2 hours,” one Twitter user said.
Some users even had to cancel their subscriptions because hackers stole and then locked them out of their own accounts.
Because Disney hasn’t offered its users any guidance on how to protect themselves or how to even know if they’ve been hacked, a cybersecurity expert told me that every Disney+ user should just change their password right now to be safe — and it shouldn’t be a password used for any other account.
“If you noticed you’re not offered a 2-factor authentication, you have to really think about the password you’re using,” cybersecurity firm SiteLock’s product specialist Monique Becenti said. “Using a strong password that isn’t associated with any other account is really the best advice I can give.”
She also pushed back on Disney’s PR boilerplate that there was no security incident.
“This is definitely a really big breach that happened,” Becenti said.
