Photo: SOPA Images/Getty Images

Hacked Disney+ accounts showed up for sale on dark web criminal markets almost immediately after Disney's new streaming service went live, reported ZDNet.

The big picture: The hijacking of account credentials no doubt came as a shock to the affected users, who suddenly found their passwords changed and their accounts inaccessible. But it's a commonplace occurrence in a world where many users reuse passwords from one service to another.

Details:

  • Accounts on Netflix, Hulu and other services are also widely on sale.
  • Users typically lose control of their accounts either because they've reused passwords from other sites that have been compromised, or they chose extremely common passwords that hackers could guess.
  • Hackers use automated systems to try usernames, email addresses and passwords taken from sites breached days, months or years in the past on new sites.
  • Some users have claimed to have unique passwords stolen — which, if accurate, could mean those account login details were stolen using malware. However, that's rarely the norm for this kind of theft.

The bottom line: Disney+ accounts are now said to be on sale for between $3 and $11 dollars. When the next big streaming service launches, expect access to that site's accounts to go on sale as well.

Go deeper: Most retail site traffic aims to steal accounts

Go deeper

Updated 52 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Chris Christie: Wear a mask "or you may regret it — as I did" — Senate Democrats block vote on McConnell's targeted relief bill.
  2. Business: New state unemployment filings fall.
  3. Economy: Why the stimulus delay isn't a crisis (yet).
  4. Health: FDA approves Gilead's remdesivir as a coronavirus treatment How the pandemic might endMany U.S. deaths were avoidable.
  5. Education: Boston and Chicago send students back home for online learning.
  6. World: Spain and France exceed 1 million cases.

FBI: Russian hacking group stole data after targeting local governments

FBI Headquarters. Photo: Mark Wilson/Getty Images

Energetic Bear, a Russian state-sponsored hacking group, has stolen data from two servers after targeting state and federal government networks in the U.S. since at least September, the FBI and Cybersecurity and Infrastructure Security Agency said on Thursday.

Driving the news: Director of National Intelligence John Ratcliffe announced Wednesday that Iran and Russia had obtained voter registration information that could be used to undermine confidence in the U.S. election system.

FDA approves Gilead's remdesivir as a coronavirus treatment

A production line of Remdesivir. Photo: Fadel Dawood/picture alliance via Getty Images

Gilead Sciences on Thursday received approval from the Food and Drug Administration for remdesivir, an antiviral treatment that has shown modest results against treating COVID-19.

Why it matters: It's the first and only fully FDA-approved drug in the U.S. for treating the coronavirus.