Originally Posted by
theimage13
No one has had their account "hacked". Morons who use the same password for every single account and have already had that information breached in the past have - unsurprisingly - had their credentials guessed by simple bots that take pre-existing lists and try them on other services.
This "hack" didn't happen to you unless you're using passwords that were already stolen from other phishing expeditions.
edit: just to clarify, the accounts were not compromised due to a lack of security on Disney's part; they were stolen using simple tricks that can ONLY be stopped by using common-sense practices on the user's end. I'm not victim-blaming anyone because it's still the thieves' fault, but the users, not Disney, are the ones who bear the burden of making their accounts accessible to nefarious actors in the first place.