As ZDNet first reported, sellers on the dark web have been offering compromised Disney+ accounts for anywhere from no charge to $11.
According to Wired, the cause was probably credential stuffing, a commonly used process where the culprits use passwords that have previously leaked and try them on a different service to see which ones work, using various automated services to exploit people’s tendency to reuse passwords.