I am sure Netflix and Amazon Prime users also reuse their passwords, but I haven’t yet heard about users having the Disney+ issues with these accounts.
No idea about Netflix, but for Amazon I bet there’s less account sharing than the other two - because it’s your actual Amazon account. My Netflix account is the only one that doesn’t have a very complex password manager password, because I share it with family. I won’t share my Amazon account because I won’t give it that sort of password. I guess Disney+ is much closer to Netflix on that scale.
Netflix definitely has trouble with this because they too lack the whole "delete all sessions" capability, so it's next to impossible to recover an account that has been compromised. My partner went through this, and Netflix support told her to delete the account and make a new one (losing all our recommendations in the process). Why they can't be bothered to add a "log out all users" feature the way something like GitHub or even Plex offers is beyond me.
For posterity, I'd recommend using a passphrase if you're sharing with family. If you're using the diceware method, you get 12.9~ bits of entropy per word.
So a three or four word passphrase should be sufficient, and is much easier to memorize + tell to someone.
It especially helps with the dreaded "what's the wifi password?"
From the article: The streaming service does not have two-factor authentication.
Yeah, I've logged into my Amazon account on my phone before and it wouldn't let me in until I verified something via email. The lack of these security controls is negligent these days. I can't totally blame Disney though, since the opportunity cost of implementing this level of security just isn't worth it. The public doesn't really care enough, and governments don't seem to care about security at all.
Even with identical security stance (which I doubt) across services I'd still expect this because A) pwnable accounts on existing services were most likely already pwned, whereas Disney+ has a mass onboarding of pwnable accounts, so it's Christmas for script kiddies and B) there's a ton of attention on Disney+ right now so there will be much more press scrutiny regardless of the true scale of the problem.
C) The early wave that seems to have been most targeted was early signups that included big sales on 2 and 3-year prepurchases. Risk/reward balance on stealing those accounts must have been hugely tempting.
Big launch -> lots of problems at once -> newsworthy. The rest all have the same problem, just not all at once so no one cares. (And also it's easier for support to handle when not in a big lump, and also they're not brand new to the job.)
I used to use the same password for Netflix and several other websites. I definitely had issues with people using my Netflix account that had somehow gotten the password. I'm sure that happens regularly.
A jedermann Konto or Basiskonto refers only to a personal account. If a client uses this account for commercial activities (e.g. receiving payments in the said industry), the bank has every right to close the account.
Depends on what your "salary" is. In the EU, the banks are obligated to find out where you get your money. And they have an obligation to close your account if they don't get satisfactory answers. "Know your customer".
My bank has recently started to ask customers to clarify transfers, and even shoot and send some video of themselves, smiling, and explaining things. I haven't got that myself yet but several colleagues have. I'm thinking I should change banks, but am unsure if any other bank is any better, because this is the result of government regulation.
The EU laws to fight money laundering are in conflict with national laws for privacy. And because laws for money laundering impact tax revenue, they will triumph over privacy.
My business got a KYC letter last year. So far I've ignored it. They haven't shut the account yet.
These things are usually treated as box ticking exercises, not as fervent investigative due diligence.
I would guess money laundering happens elsewhere.
For as little as $1m you can set up or buy a bank of your own. For $10m or more you can buy a regulated operating bank with employees and deposits.
The process is more complicated than plain old incorporation, but I would guess it won't be unduly troubling to people with a lot of spare cash at hand.
I suppose you can ignore the letters, if having your bank account suspended for some weeks doesn't cause major business risks to you. The downside with box ticking exercises is that eventually, someone may calculate the ticks, and his/her guidelines will say that this account belongs to a risky category.
The regulation is rather new, and at least Scandinavian banks seem to be hyper sensitive to be on the safe side from the money laundering risk point of view. In part this is due to the allegations and campaigns against Nordea and the actual laundering scandal at Swedbank. The privacy of customers (against having to provide personal information to the bank) is secondary.
Your bank doesn't need to be so invasive, so if they are you need to switch. There is no EU directive that tells them to clarify things using some sort of weird video proof.
But that may still be the easiest of ways required by the financial authority - which comes up with its own rules, the EU rules only being the minimum of what regulators in each country must implement. Often regulators want to be stricter, in order to appear as "good tax collectors" and to avoid being targeted by social media campaigns etc.
They may see who is the sender of transfer, but that in itself is not a sufficient explanation for where the funds actually come from and whether they are legitimate.
Series of transfers are a basic step in money laundering processes, so from that point of view the need for clarification of each step is understandable.
Yes. They will close your account if you receive money from dubious activities (sex and drugs usually).
They will also close your account if you can't prove where the money is from.
I had this issue myself in Europe. A friend paid me back a hefty sum. My friend had issues proving where he got the money from.
My account was swiftly closed.