I am sure Netflix and amazon prime users also reuse their passwords, but I haven’t yet heard about users having the Disney+ issues with these accounts.
No idea about Netflix, but for Amazon I bet there’s less account sharing than the other two - because it’s your actual Amazon account. My Netflix account is the only one that doesn’t have a very complex password manager password, because I share it with family. I won’t share my amazon account because I won’t give it that sort of password. I guess Disney+ is much closer to Netflix on that scale.
Netflix definitely has trouble with this because they too lack the whole "delete all sessions" capability, so it's next to impossible to recover an account that has been compromised. My partner went through this, and Netflix support told her to delete the account and make a new one (losing all our recommendations in the process). Why they can't be bothered to add a "log out all users" feature the way something like Github or even Plex offers is beyond me.
For posterity, I'd recommend using a passphrase if you're sharing with family. If you're using the diceware method, you get 12.9~ bits of entropy per word.
So a three or four word passphrase should be sufficient, and is much easier to memorize + tell to someone.
It especially helps with the dreaded "what's the wifi password?"
From the article: The streaming service does not have two-factor authentication.
Yeah, I've logged into my Amazon account on my phone before and it wouldn't let me in until I verified something via email. The lack of these security controls is negligent these days. I can't totally blame Disney though, since the opportunity cost of implementing this level of security just isn't worth it. The public doesn't really care enough, and governments don't seem to care about security at all.
Even with identical security stance (which I doubt) across services I'd still expect this because A) pwnable accounts on existing services were most likely already pwned, whereas Disney+ has a mass onboarding of pwnable accounts, so it's Christmas for scrit kiddies and B) there's a ton of attention on Disney+ right now so there will be much more press scrutiny regardless of the true scale of the problem.
C) The early wave that seems to have been most targeted was early signups that included big sales on 2 and 3-year prepurchases. Risk/reward balance on stealing those accounts must have been hugely tempting.
Big launch -> lots of problems at once -> newsworthy. The rest have all have the same problem, just not all at once so no one cares. (And also it's easier for support to handle when not in a big lump, and also they're not brand new to the job.)
I used to use the same password for Netflix and several other websites. I definitely had issues with people using my Netflix account that had somehow gotten the password. I'm sure that happens regularly.