Netflix and Disney+ Hit by Account Hacking, Password Sharing

As Netflix (NFLX) and Walt Disney (DIS) go head to head, they’re finding they have a common enemy: criminals taking over their customer accounts. Within days of Disney+ launching in the US, thousands of customers lost their accounts in mass hacking. The hacked Disney+ accounts ended up on the dark web, selling for a fraction of what a legitimate account costs. Disney+ subscribers in Australia ran into a similar account hacking problem when the service launched there. Disney+ arrived in Australia and New Zealand a week after its US debut.

Now the account hacking spotlight is on Netflix. A BBC investigation has uncovered the hacking of dormant Netflix customer accounts.

When people stop their Netflix subscription, the company requires them to log out of their accounts. However, Netflix doesn’t delete the accounts immediately. Instead, the company keeps the accounts dormant for up to ten months, ensuringthat if customers change their mind and want to return, they can do so easily. However, criminals have found a way to reactivate and continue using dormant Netflix accounts with the still-linked billing details, selling the accounts cheaply on platforms such as eBay.

Sales of hacked customer accounts deny companies such as Netflix and Disney revenue from the services they offer. For Netflix, account hacking adds to its longstanding problem, password sharing, which costs the company more than $1.6 billion in revenue annually. As a result of the revenue leak, Netflix has had to borrow to plug its cash shortages. Disney cut a deal with Charter Communications (CHTR) to keep such revenue leaks in check.

Account hacking also puts Netflix’s and Disney’s reputation at risk. Amid high-profile data breaches around the world, people have become more concerned about their data’s security and privacy. Incidents such as account hacking could shake consumer confidence in streaming services, affecting sales and sparking costly and distracting lawsuits.

However, Netflix and Disney have indicated they may not be to blame for the account hacking. They have suggested that by reusing old passwords or sharing account login credentials, customers may have made themselves vulnerable to hacking.