The scary headlines started popping up almost immediately. “Thousands of hacked Disney+ accounts are already for sale on hacking forums,” ZDNet proclaimed last week. This morning, the BBC followed up with “Disney+ fans without answers after thousands hacked.” Well, I’ve got an answer for you, and it’s one you’ve probably heard before. Stop reusing passwords across multiple services and websites.
Both sites found “thousands” of Disney+ logins available on the Dark Web—just over 4,000, in the BBC’s case. When the publications reached out to affected customers, some admitted that they reused existing passwords for Disney+, while some denied it. But given the low number of so-called “hacks”—a few thousand confirmed for a service that already boasts over 10 million users is a drop in a pool, as RockPaperShotgun cofounder John Walker points out—it seems likely that bad password behavior is more to blame than a breach on Disney’s part.
Data breaches are shockingly common these days. If you reuse your login credentials across sites and services, a breach of just one can grant hackers access to all your accounts. CyberInt researcher Jason Hill told the BBC that this indeed seems to be the case with the Disney+ credentials for sale in the Web’s seedy underbelly. These accounts weren’t “hacked,” rather, their owners probably got sloppy.
The best overall password manager
I get it. Memorizing passwords sucks, and everything needs one these days. Fortunately, there’s a solution: Password managers. These programs keep track of all your logins, input them when needed, and can even create randomized passwords for each site and service you use. They’re great, and they make using unique passwords a breeze. Better yet, password managers are pretty cheap, and many even come free if you only need a device or two covered. PCWorld’s guide to the best password managers can help you find the best one to fit your needs.
Activating two-factor authentication—which demands a text- or app-based code in addition to your password—is a good idea for critical accounts too. We’ve got a guide to the best two-factor authentication apps and hardware, too. Finally, if you’ve been reusing passwords and want to batten down the hatches even further after using a password manager to generate unique logins for your accounts, check out what to do after a data breach. You won’t find any tinfoil hats, but you will find information about burner cards and specialized data recovery email addresses if you want to go even deeper down the rabbit hole.