Disney+ Hotstar users are having trouble logging in with forced migration from email login to SMS-based OTP only. In late February, Disney+ Hotstar — then just Hotstar — began moving its existing subscribers from email addresses to phone numbers to log in. The streaming service reportedly took this step to tighten security, as future login attempts would require a one-time password (OTP) sent to the mobile in question. This takes Disney+ Hotstar a step ahead of Netflix, which doesn’t offer any two-factor authentication method as yet. And then, in a further push in April, Disney+ Hotstar disabled the option to sign up with an email address, or login with an email address if a phone number was also registered to your account. Unfortunately, this has resulted in a series of avoidable consequences.
Hey! We have stopped new email ID sign ups. If your subscription is bought on a mobile number account, you will not be able to change it to an email ID and password login. DM us to know morehttps://t.co/9NGF8I7c7u
— Disney+HS_helps (@hotstar_helps) May 4, 2020
Some Disney+ Hotstar subscribers are reporting that they can’t log into the service because the accounts are associated with phone numbers unknown to them. Gadgets 360 has learnt that this is because their Disney+ Hotstar account credentials have been compromised via emailed phishing schemes, fake websites, modded APKs, or password reuse. The last of those happens when you use the same password across websites. These credentials have since been circulating on publicly accessible websites and the dark web. This was a secondary reason cited internally to transition to SMS-based OTP logins.
Now, you can change the phone number associated with your Disney+ Hotstar account. Unfortunately, you’ll have to deal with Disney+ Hotstar’s customer support team on Twitter to do this. Subscribers can’t change the number on their own, though Disney+ Hotstar hopes to work on this feature “soon”. To get the number changed, you’ll need to present your purchase invoice of Disney+ Hotstar, be it the Google Play or iTunes receipt, or a statement from your bank. Users aren’t too pleased about this, as you’d think, but customers can redact everything on bank statements, minus the name, phone number, and the Disney+ Hotstar transaction.
It’s not clear why Disney+ Hotstar didn’t just allow subscribers to receive OTPs on their existing email address, as some have demanded. Moreover, the service transitioned users away from a working login method without informing them either by email or by sending a notification.
If it’s user security that Disney+ Hotstar is truly worried about here, then you’d think it would consider moving to an app-based two-factor authentication (2FA) system, as is offered by Amazon Prime Video. Experts have shown that SMS-based OTPs are vulnerable. This could occur via fraudulent apps installed on the user device, or on the network end, since text messages aren’t encrypted by default and are stored in plain text en route. The least it could’ve done was offer OTPs on email, which is arguably safer than SMS, and it’s annoying that Disney+ Hotstar can’t — or rather, won’t.
But if it helps, you can still log into existing Disney+ Hotstar accounts with your email address, if you haven’t linked a phone number yet. Now we wait till that becomes mandatory someday.
Can Netflix force Bollywood to reinvent itself? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS. You can also download the episode or just hit the play button below.