Educause Security Discussion mailing list archives

Re: Disney+ Hackef

From: "Scantlin, Aaron J." <ScantlinA () MISSOURI EDU>
Date: Tue, 19 Nov 2019 12:19:58 +0000

I don’t know… the vast majority of this is FUD.  This is the single relevant excerpt from the article:

“Two users who spoke with ZDNet on the condition we do not share their names admitted that they reused passwords. 
However, other users said online that they did not, and had used passwords unique for their Disney+ accounts.  This 
suggests that in some cases hackers gained access to accounts by using email and password combos leaked at other sites, 
while in other cases the Disney+ credentials might have been obtained from users infected with keylogging or 
info-stealing malware.”

While this might be the early signs of some major security failing, I think that the number of compromised accounts is 
small enough to suggest that password reuse is a much more reasonable suspicion.


Aaron J. Scantlin
Security Analyst, Division of IT
GSEC, GCFA, GNFA
University of Missouri - Columbia
(573) 884 - 7555
scantlina () missouri edu




From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Monday, November 18, 2019 8:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Disney+ Hackef

Everyone -

Well that didn’t take long...

https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/

Ron Loneker Jr
Director, IT Special Projects
College of Saint Elizabeth

--
---------------------------------------- Ron Loneker, Jr. Director, IT Special Projects College of Saint Elizabeth 2 
Convent Road Morristown, NJ 07960 Phone: 973-290-4229 E-mail: rloneker () cse edu<mailto:rloneker () cse edu>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Disney+ Hackef Ronald Loneker (Nov 18)
- Re: Disney+ Hackef Scantlin, Aaron J. (Nov 19)
  - Re: Disney+ Hackef Barton, Robert W. (Nov 19)
    - Re: Disney+ Hackef Kevin Wilcox (Nov 19)