
Disney+ Might Have a Notable Hacker Problem - tumblen
https://fortune.com/2019/11/18/was-disney-plus-hacked-users-accounts-access/
======
dhagz
Extra fun tip I'm sort of nervous putting out there just because it's a
potential attack vector: if you used the same email address as your existing
MyDisneyExperience account, guess what? The password you set while registering
for Disney+ is now the password for your MDE account - they were "merged"
without notification (that I saw). So not only is your Disney+ account
compromised, potentially the account you use to book vacations is as well.

EDIT: I have "merged" in quotes because I am not sure if changing your D+
email changes it for your MDE account as well, or vice-versa.

~~~
WorldMaker
> I have "merged" in quotes because I am not sure if changing your D+ email
> changes it for your MDE account as well, or vice-versa.

If the merger of Disney Movie Rewards and Disney accounts, or the merger of
Marvel and Disney accounts are any indication to go by, it's likely forever to
always be a mess. Disney's goal for "one account system" has just been one
wild ride after another. Given how many of their websites still in 2019
redirect to or through *.go.com for reasons unknown, I have to imagine their
web tech stack is a fascinating archeology dive under the hood.

------
MaupitiBlue
With 10m moms and dads signing up, I'm going to guess this is largely due to
password reuse from prior hacks. Christmas123.

~~~
smacktoward
It does seem like a particularly soft target in that regard.

We really need a 2FA solution that's friendly enough for normal people to use.
Like, _yesterday._

~~~
WorldMaker
We really need even just a 1FA solution that's friendly enough for normal
people to use _securely_. Passwords clearly aren't secure for normal people,
and we should stop pretending like they ever were.

------
mjevans
The email change is particularly disturbing. A good security design would be
to send the old email a notice of change request and give them a link that can
always be used to undo that change (which might require the at the time older
password as well).

~~~
deckar01
Most services don't do that. I have had my personal email account DDoSed
before and requiring access to that inbox to change my email address would
have been impossible for over a month.

------
Starkus
Does anyone else still torrent?

I rarely watch a tv show or a movie, but when I do I just torrent it. I've
been doing this since Limewire (which was a lot of really shitty porn at the
time).

Showed my boys Princess Mononoke the other day - will show them the
Mandalorian tonight, a buddy told me its pretty good

~~~
httpsterio
Does anyone still shoplift? /s

Yes, people still steal. Torrenting is usually more convenient, but for media
that actually cost a ton of money to produce, I still feel iffy about stealing
it. I would never recommend it to anyone when buying and paying for media is
still an option.

Even if something like Ghibli movies might not conveniently be available for
on-demand streaming, I still think everyone is under the moral obligation to
plan ahead and buy it on a more traditional format rather than to resort to
piracy. It is your own short-sightedness if you can't anticipate the need
beforehand and order it in time.

If for some reason media can't be bought new anymore and your money isn't good
anywhere, then by all means pirate it. I consider that it has at that point
entered a public domain of sorts.

~~~
22c
Piracy isn't stealing. Many people have been over this. You've been
brainwashed if you think it's stealing.

It's still against the law in many places, but to call it stealing is just
spreading misinformation and propaganda.

~~~
bengotow
Hmm - is there a good summary of this argument I could read? I torrented many
years ago and it always felt like stealing and still does. Seems more or less
equivalent to shoplifting to me from a moral standpoint, would be curious to
read into this!

(I'm assuming this is not the "oh I actually pay and I just want to watch it
on an unsupported device" argument)

~~~
pcroh
If I shoplift a bag of Doritos, the shop has one fewer bag of Doritos.

If I pirate a show, it doesn't disappear from Disney's hard drives.

~~~
lillesvin
People use "steal" like that all the time. "You stole my idea." "He stole my
look!" "She stole my song." Etc... So I don't really think that's a very good
argument.

