Amid the massive launch last week for Disney+ that saw more than 10 million users sign up for the subscription streaming service in its first 36 hours on the market, hackers have reportedly stolen “thousands” of accounts and put them up for sale on the Dark Web.

According to ZDNet, many users have tried to log into their Disney+ account, only to find that their account credentials have been changed, and that they are locked out.

Indeed, MCN found a number of complaints about stolen Disney+ accounts on Reddit and Twitter.

“Both email and password and my main profile photo and name were changed... super frustrated!!! I can’t get through to them,” read one complaint on Reddit.

Further corroborating ZDNet’s report, the BBC found several accounts posted for sale on the Dark Web, one for as little as $3. Note that the subscription service costs $6.99 a month.

For their part, Disney reps said there has been no indication of a security breach, and that incidents might have spawned from previous compromises of customer security information.

“Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+,” a company statement read. 

An online security expert has found yet more ways for malicious individuals to obtain sensitive information on Comcast subscribers using the company’s online customer service portal.

As first reported by Buzzfeed, cyber-security engineer Ryan Stephenson--a self-described “penetration tester”—has found two more ways a hacker could exploit Comcast customer-facing websites. It’s at least the second time in the last three months that Stephenson has found a breach in a Comcast portal, before going to the press about it.

In his latest discovery, Stephenson found one flaw on Comcast’s Xfinity in-home authentication page, which lets customers pay bills without entering their username and password, given that they’re connecting with their own IP address. Stephenson determined that a hacker could obtain a customer’s IP address, then derive partial home address info for the user.

Comcast is now requiring customers to authenticate, even though they’re in their bed or living room.

Related: Comcast Confirms Deactivation of Congestion Management System

The other exposed vulnerability involves Comcast’s authorized dealer sign-up page. If a hacker could obtain a customer’s billing address, they could use this tool to also illicitly obtain the last four digits of the subscriber’s Social Security number, the security consultant found.

“We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers,” Comcast said in a statement. “We take our customers’ security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report.”

The cable company continues to reconcile customer demand to make online tools intuitive and easy to use with the efforts of at least one notable online security guru, determined to find every conceivable way possible to exploit the cable company’s portals.

In May, for example, Stephenson discovered a means to use a Comcast online portal for router configuration to illicitly obtain home address info, as well as Wi-Fi network names and passwords, then reported to ZDNet.

And in June, ZDNet reported on a tip from anonymous security expert, showing that an API used by Comcast could be “tricked” into returning customer data, including account numbers and home addresses.