U.S. Markets close in 2 hrs 51 mins

What the Disney+ ‘hack’ should teach you about your own security

Daniel Howley
Technology Editor

Disney+ was launched on Nov. 12, and just a week later, security concerns emerged regarding users' accounts. According to an investigation by ZDNet, Disney+ (DIS) users have seen their accounts hijacked, and in some cases, have been completely locked out.

In a response to the controversy, a Disney spokesperson said that it doesn't appear as though there was a security breach made against Disney+. Still, thousands of accounts are for sale online, and some users have said their credentials have been changed, preventing them from accessing Disney+.

One theory as to why this all happened? Users breaking one of the most important rules of keeping safe online: reusing their usernames and passwords from other sites for Disney+.

Some Disney+ users are seeing their accounts used by hackers who have sold their usernames and passwords online, according to reports. (AP Photo/Steven Senne, File)

What's the problem with reusing information?

We’re all guilty of reusing usernames and passwords. It’s a lot to remember when you’ve got logins for everything from your work computer to your email to messaging apps and banking apps.

But the problem with doing that is — if one of those accounts happens to be hacked, or you’ve got a piece of malware called a keylogger that’s able to collect your username and password from other sites — you’re putting yourself at risk of future security issues.

In the instance of Disney+, at least some customers may have been reusing their old usernames and passwords for their new accounts.

And if Disney+ customers recycled those same usernames and passwords on older sites that were hacked, they could be used to steal those new Disney+ accounts. The same could be true if Disney+ customers used usernames and passwords they accessed on devices infected with malware.

Even if you used a slightly different password, you’re still opening yourself up for potential attack.

It's worth pointing out that this issue isn't unique to Disney+. In fact, stolen Netflix (NFLX) usernames and passwords are available online and up for sale right now. Still, it’s surprising to see Disney+ passwords and usernames out there so quickly. 

What to do to protect yourself

The most obvious way to keep your account safe online is not to reuse usernames and passwords. When putting together passwords, it’s also smart to use as many letters as possible, rather than a few letters and multiple numbers. That’s because there are more letters, 26, than numbers, 10, that can occupy a single character in a password. In other words, “TRPF” is going to be more secure than “5397.”

There are also apps available online that generate usernames and passwords for various sites you might want to log into, such as LastPass and 1Password.

If you're currently a Disney+ user and find yourself locked out of your account, your best bet is to reach out to customer support, which will provide you with information on how to either cancel or gain access to your account.

More from Dan:

Got a tip? Email Daniel Howley at danielphowley@protonmail.com or dhowley@yahoofinance.com, and follow him on Twitter at @DanielHowley.

Follow Yahoo Finance on TwitterFacebookInstagramFlipboardSmartNewsLinkedIn,YouTube, and reddit.