Disney+ hit the streaming scene this month like a meteor, sending ripples through the film and television streaming world. Customer bases shifted around as Netflix and Hulu users changed their subscriptions, work flows slowed as people dug into world of Marvel, Star Wars, Nat Geo and Disney content on the new service, young Yoda memes flooded the web.

But not long after that much-anticipated launch, hackers somehow obtained the password and login info for thousands of Disney+ accounts and started selling them the on the dark web.

The first black market Disney+ accounts started going up for illegal-sale just days after the streaming service started. And naturally, customers took to the web to vent about their inconsolable frustration that they they’d been digitally burgled of their $7-a-month subscription streaming service.

The hackers who had gained access were selling the hacked accounts for around $11 per.

So what happened? Disney has checked their servers and they say there is no evidence of a hack or security breach of any kind. They adamantly deny that this was an issue on their end.

“We have found no evidence of a security breach,” Disney said in a statement about the hacks. “We continuously audit our security systems and when we find an attempted suspicious login we proactively lock the associated user account and direct the user to select a new password.”

Which means that the most likely explanation for the leaked account info is something known as “credential stuffing” — a basic form of hacking wherein, the hacker(s) will plug username/password info that they’ve had success with in the past, into a new platform. That’s why, when this new streaming service launched, hackers were waiting with baited breath to start credential stuffing Disney+ like a porn star in a gangbang: not only would it give them account information to sell, but it would also give them new leads on credentials to try on different accounts elsewhere around the web.

Credential stuffing certainly isn’t rocket science, but it’s also apparently pretty effective. And it targets a very specific, and vulnerable group of individuals: people who use the same username/password combo for every single one of their online accounts.

That should be unsettling for anyone who had their Disney+ account hacked. If it happened to your Disney+ account, it could very well happen to any other account you use that same login information for. Whether that’s your bank, your Venmo, your healthcare, your Facebook, Twitter, even the computer you use — they’re all at risk of being hacked if they still have the same credentials as your hacked Disney+ account.

So, if that’s you, if you use the same info for every account and your Disney+ account was one of those that ended up on the Dark Web, it’s in your best interest to go through and change your passwords up.

No, nobody likes to keep track of a thousand different passwords, but it’s worth it to maintain the security of your online accounts. Keep a list, create a pattern, maintain different passwords for your most important accounts, do something, anything to make it harder for hackers like these to hoodwink you.

Then, at least you’ll be able to sit back and enjoy your Disney+ account with some peace of mind.