Account credentials were listed across various online black markets, with some users claiming to be unable to log in after their email address and password were changed.
More than 10 million people have already subscribed to Disney+ since it launched last week, despite technical issues preventing some users from accessing the platform.
Disney claims that its security systems have not been compromised, saying in a statement that it “takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+”.
Some cyber security experts speculated that login credentials may have been acquired through previous hacks, as many people use the same email and password combination for multiple online accounts.
“The Disney+ hack is a classic example of credential stuffing – hackers using password and email combinations, stuffing them into the sign-in page and seeing what results they get,” Andrew Martin, CEO of cyber security firm DynaRisk, told The Independent.
“It is likely that some users may have used the same email and password for multiple sites, including Disney+, and their credentials could have been stolen during previous security breaches at other companies.
Disney+ logins on the dark web were first discovered by ZDNet, who reported seeing them for sale at prices between $3 and $11.
Listings seen by DynaRisk revealed that some login credentials were being shared for free.
Mr Martin said it once again highlighted the importance of using unique passwords for all online accounts, as well as extra security measures like two-factor authentication when possible.
Other experts also warned of a recent spike in illegal streaming links being shared online that claim to offer free ways to watch Disney+ content.
Many of these links may lead to scam sites designed to steal private data or spread dangerous malware.
“Bogus streaming links offering the latest shows but actually giving nothing but fake surveys and downloads spike whenever a new show launches, but an entire channel was always going to increase the target area,” said Chris Boyd, lead malware analyst at MalwareBytes.
“Staggering rollout will only make the problem worse, and the various technical hitches suffered during the Disney+ rollout has meant a strong interest in torrents, even in areas the service is available," he said.