[dhagz]

Extra fun tip I'm sort of nervous putting out there just because it's a potential attack vector: if you used the same email address as your existing MyDisneyExperience account, guess what? The password you set while registering for Disney+ is now the password for your MDE account - they were "merged" without notification (that I saw). So not only is your Disney+ account compromised, potentially the account you use to book vacations is as well.

EDIT: I have "merged" in quotes because I am not sure if changing your D+ email changes it for your MDE account as well, or vice-versa.

[WorldMaker]

> I have "merged" in quotes because I am not sure if changing your D+ email changes it for your MDE account as well, or vice-versa.

If the merger of Disney Movie Rewards and Disney accounts, or the merger of Marvel and Disney accounts are any indication to go by, it's likely forever to always be a mess. Disney's goal for "one account system" has just been one wild ride after another. Given how many of their websites still in 2019 redirect to or through *.go.com for reasons unknown, I have to imagine their web tech stack is a fascinating archeology dive under the hood.

[gamblor956]

Based on the description of the hack, if your Disney+ account was "hacked" then your MDE account details were already on the black market.

TLDR: Disney+ wasn't actually hacked. But many people reused credentials from other sites that were already in account leaks.