If Disney user accounts can be hacked...what chance does your company have?

By Bill Dunnion

Mere hours after Disney launched its new monthly subscription-based streaming service, Disney+, news began to flood the airwaves of accounts being compromised. And though, to date, Disney has stated that no actual breach has occurred—breached by hackers—reports are showing that for a percentage of the services, 10 million+ users have had their usernames and passwords compromised.

What actually happened? Simply put, a large number of individuals who signed up for Disney+ are doing what everyone needs to stop doing right now: using the same user name and password for every account they own.

The issue here is not Disney, but the place where bad habits and criminal activities collide. In the past few years, we have seen organizations from LinkedIn to Facebook, Adobe, Yahoo, Marriott, Capital One, and hundreds more companies, being hacked—leaving private data such as user names and passwords, and much more, available for purchase on the dark web. In the case of Disney, cyber criminals literally had to do nothing but wait for the service to go live to use information already available from other major breaches.

This is where I say again, bad habits are what cause significant issues when it comes to cyber security and how companies manage their practices. In our daily work lives—providing security solutions for many of the country’s biggest companies—an ongoing challenge is the habitual aspects of human nature. People like simplicity, and what is more simple than using the same credentials all the time to log into any and all services.

Here’s a quick test to illustrate the issue right now. As you read this article, do you use the same email address and password for Facebook and LinkedIn? Or perhaps you use Facebook login for a few mobile apps, etc. More so, do you use your birthday or maybe your child’s birthday as a password? Maybe your phone number? If you answered yes to any of these, I highly suggest breaking that habit immediately as you are exposing yourself and perhaps your company to a multitude of risks.

Further to the bad habits associated with account management, there is the nefarious side of the equation. For every data breach that takes place, the likelihood of either yourself or someone you know been breached increases exponentially. For instance, with just the Capital One breach alone, the data of more than 6 million Canadians was exposed. To put that into context, Canada’s total population is only 37.5 million. This means that with just one breach a significant number of Canadians were placed at risk.

But it gets worse. In less than one year—November 2018 to June 2019—an estimated 19 million Canadians were affected by data breaches, and the numbers continue to rise. And though I’m not usually considered an alarmist, that number represents more than half of the country. So if you look at the person sitting beside you, one of you will be compromised.

So where does one go from here? There is a plethora of cyber security solutions out there that are available to ensure resiliency is maintained, both at the individual and corporate levels. But that’s not the topic of the day.

In short, the first best practice to implement—whether personally or corporately—is education. People can be naive about the criminal underworld, as they should be. People aren’t exposed to the dark places where criminals lurk. However, the reality now is that people must educate themselves on the nefarious practices lurking out there, waiting for someone to drop their guard.

We all as a society lock our doors at night because we are all aware of the potential for criminal activity. The world of cyber security is no different. Keeping your digital properties properly locked will go a long way in thwarting criminal behavior. By doing the simplest things such as creating difficult passwords (read our article on that topic here), changing passwords frequently, not using your social passwords at work, and not clicking on suspicious links in emails or on websites, will go a long way in ensuring your protection.

Then, of course, you can start using two-factor authentication (2FA). With 2FA, you’re adding an extra layer of security that will help you protect your critical assets. The first layer is usually your username and password, the second layer is one of three factors: something you know, something you have, or some part of your body. Start now with 2FA. It’s a simple solution, but a highly effective security tool. For more on  2FA read our article: I Have Your Password Now Give Me Money.

No one wants to have to think like a criminal, and I don’t suggest you do. I merely suggest you continue to lock your doors at night—both physically and virtually—so you can sleep well knowing that you and your family are safe from harm. That way you can enjoy the simple things of life, like the new Disney+ streaming service I keep hearing so much about.