EDIT: I have "merged" in quotes because I am not sure if changing your D+ email changes it for your MDE account as well, or vice-versa.
If the merger of Disney Movie Rewards and Disney accounts, or the merger of Marvel and Disney accounts are any indication to go by, it's likely forever to always be a mess. Disney's goal for "one account system" has just been one wild ride after another. Given how many of their websites still in 2019 redirect to or through *.go.com for reasons unknown, I have to imagine their web tech stack is a fascinating archeology dive under the hood.
TLDR: Disney+ wasn't actually hacked. But many people reused credentials from other sites that were already in account leaks.
The sellers get Massive email: password lists which are known combo lists. These are usually from hacked sites that have been SQL injected.
People probably all have giant lists of Netflix, Hulu Etc. accounts and then just recheck them on Disney+
Then they'll use a checker app which just mass checks the sites. I imagine Disney don't have a catchpa setup or requiring it after a large amount of failed logins.
There's no point IP limiting logins as most guys will be using massive botnet proxies services that give you a zillion IP's.
We really need a 2FA solution that's friendly enough for normal people to use. Like, yesterday.
Note that both Google and Facebook have extensive infrastructures in place to detect and block password reuse based account hacking. Knowing the password is not enough to always log in to a Google account. In some cases the login process will ask you questions about your account or ask you to receive a code on your phone to verify authenticity. It's a bit like a heuristically triggered and thus easier form of 2FA.
Disney's problem here is that they have tried to make their own global federated account system but without much expertise in doing so. Tech firms have successfully fought off and blocked these attacks years ago.
Shame on D+ for not screening passwords against known hacked u/p.
I rarely watch a tv show or a movie, but when I do I just torrent it. I've been doing this since Limewire (which was a lot of really shitty porn at the time).
Showed my boys Princess Mononoke the other day - will show them the Mandalorian tonight, a buddy told me its pretty good
Yes, people still steal. Torrenting is usually more convenient, but for media that actually cost a ton of money to produce, I still feel iffy about stealing it. I would never recommend it to anyone when buying and paying for media is still an option.
Even if something like Ghibli movies might not conveniently be available for on-demand streaming, I still think everyone is under the moral obligation to plan ahead and buy it on a more traditional format rather than to resort to piracy. It is your own short-sightedness if you can't anticipate the need beforehand and order it in time.
If for some reason media can't be bought new anymore and your money isn't good anywhere, then by all means pirate it. I consider that it has at that point entered a public domain of sorts.
It's still against the law in many places, but to call it stealing is just spreading misinformation and propaganda.
I've torrented all of game of thrones, yet, always pay my monthly for the service
In cases like that I turn to torrents and download whatever seasons I’m missing, watch them and delete them again. I still keep my streaming subscriptions though.
It has gotten better, and the problem is mostly confined to cross studio/service shows, or services not available in Europe.
HBO Nordic hasn’t even announced an air date for Mr. Robot season 4 yet, which I guess is great as I can only dodge spoilers for so long, so when it eventually hits I’ll know the ending.
Even if the show was available on a European streaming service, I’d probably stream it anyway. There’s a limit to how many streaming services I care to have, and torrenting is so much easier than trying to navigate the dark patterns most streaming services put around their unsubscribe pages.
I’m also too lazy to subscribe/unsubscribe multiple times per year to multiple services.
Perhaps a “pay per view” model that bills you X per show watched, up to a maximum equal to the monthly subscription fee. That way I could have multiple subscriptions and only pay subscription fees to the services I actually use, and once I stopped watching them I’d automatically be unsubscribed.
Of course that will never happen while there are a million services.
