Since Disney+ went live last week on Tuesday, November 12, attackers have stolen thousands of customers’ accounts and put them up for sale on the dark web. Well, we’ve got an answer for why this happened, and it’s one we keep repeating over and over—stop reusing passwords across multiple services and websites.

Some users admitted that they reused existing passwords for Disney+, while some denied it. But given the low number of so-called “hacks,” it seems likely that bad password behavior is more to blame than a breach on Disney’s part.

Data breaches are shockingly common these days. If you reuse your login credentials across sites and services, a breach of just one can grant hackers access to all your accounts.

Memorizing passwords is difficult, and everything needs one these days. Fortunately, there’s a solution: Password managers. These programs keep track of all your logins, input them when needed, and can even create randomized passwords for each site and service you use. They’re great, and they make using unique passwords a breeze. Better yet, password managers are reasonably priced, and many even come free if you only need a device or two covered.

One thing Disney+ could do to help users would be to roll out support for multi-factor authentication, a simple solution that would prevent attacks relying on password reuse.

What Disney+ is facing right now is what other streaming services have been fighting against for years. Hacking forums have been overflowing with hacked Amazon Prime, Hulu, and Netflix accounts. The reason hackers are still putting up new accounts for sale on a regular basis is because people are buying.

Our advice for Disney+ account holders is to use unique passwords for their accounts. This won’t prevent malware on their devices from stealing their passwords, but it will prevent the most common scenario of hackers gaining access to accounts just by guessing the password.