Within hours of the launch of the new Disney+ streaming service, thousands of account holders discovered that their accounts had been hacked and that they had been locked out of them. In many instances, the cybercriminals hacked into the Disney+ accounts of their victims and then changed the account's email and password, which prevented the victims from being able to access their own accounts. Many of the hacked accounts were being offered for sale on the Dark Web, that part of the Internet where cybercriminals buy and sell goods and services.

Many of the hacked accounts used the same passwords as other accounts of the victims, which is a problem when a data breach occurs in which hackers obtain your password. You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked. In other instances, Disney+ subscribers who used unique passwords for all of their accounts are thought to have clicked on links in phishing emails that downloaded keystroke logging malware onto their computers, tablets and cellphones, which enabled the hackers to find and steal the passwords for their Disney+ accounts.

One of the primary ways that identity thieves steal from your online accounts, such as your online banking, is by luring you with phishing emails or more targeted spear phishing emails either to click on links that download keystroke logging malware that will search your computer for the passwords to your accounts, or to click on a link that takes you to a phony but legitimate-looking website that appears to be that of your bank or some other company where you have an account, where you are instructed to enter your password.

Mere passwords have not proven to be a particularly secure method of authentication. Many people use simple-to-guess passwords, and even what may appear to be complex passwords can often be identified by sophisticated hackers using password cracking software. Regardless of how strong your password is, however, if you provide it to an identity thief, the criminal will be able to access your account. It is for this reason that many companies offer dual factor authentication, by which, when your password is used to access your account, a special code is sent to your smartphone by text message that must be entered in order to complete access to the account. This provides dramatically enhanced security. While this may seem to be inconvenient, some dual factor authentication protocols do not require it to be used when you are accessing your account from the computer or smartphone that you usually use, but only require its use if the request to access the account comes from a different device.


Passwords are just too vulnerable to be the sole method of authentication for important apps or accounts. Whenever you are able to use dual factor authentication for a particular website, account or app, you should do so, so that when you attempt to log in, a one-time code will be sent to your cell phone that you must enter in order to get access to your account. Unfortunately, it does not appear that Disney+ provides for dual factor authentication at this time. For convenience's sake, you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy-to-remember password for each of your online accounts. Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, avoid phishing and spear phishing by never clicking on links in emails and text messages unless you have absolutely confirmed that the communication is legitimate.
