In this photo illustration, the Disney + logo is displayed on the screen of an Apple MacBook Pro computer on November 08, 2019 in Paris, France. Chesnot | Getty Images

Thousands of Disney+ user accounts have been stolen by hackers and put up for sale on the dark web, according to multiple reports. Disney+ is the new subscription-based streaming service from Disney that was officially launched last Tuesday. Just hours after the service was rolled out, hackers hijacked user accounts and were either offering them for free on hacking forums or selling them for prices between $3 to $11, according to investigations by news site ZDNet.

Users said hackers were accessing their Disney+ accounts, logging them out of their devices and then changing the email and password associated with that account, according to ZDNet. The BBC also reported that it found hacked customer accounts for sale on the dark web. A spokesperson for Disney told CNBC the company "takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+."

It is likely that some users may have used the same email and password for multiple sites, including Disney+, and their credentials could've been stolen during previous security breaches at other companies. A cybersecurity expert told CNBC that when hackers obtain large databases, they use various means to take over an account, including something known as "credential stuffing." It "happens when the attacker automates the process of trying usernames and password on a targeted site," said Etay Maor, chief security officer at cyberintelligence company IntSights. He explained that such a method is powerful because "many people use the same password on multiple websites. This allows the attacker to 'test' and see if the password from the obtained database was used on the targeted site."