Repeat Password Mistakes Lead to Theft of 15,000+ Roku Accounts
Repeat Password Mistakes Lead to Theft of 15,000+ Roku Accounts
In a new breach notice , Roku says that hackers hijacked over 15,000 user accounts and utilized customers’ saved credit card information. However, Roku’s security was not compromised in this breach. This is a case of customers reusing old passwords.
An attack method called credential stuffing is responsible for this breach. Credential stuffing is incredibly simple—hackers take a list of known email and password combinations, dump each one into a website’s login field, and take note of any credentials that produce a successful login. The emails and passwords used in this breach were obtained from previous, unrelated data breaches.
Several individuals or groups may have participated in this attack. They likely used credential-stuffing tools like Open Bullet 2 to automate the attack process. And, as discovered by Bleeping Computer, compromised Roku accounts were sold on Telegram and other platforms for as little as 50¢ apiece. Buyers were encouraged to immediately change the login and recovery details for purchased accounts. In some cases, these buyers also used customers’ credit card information to purchase new streaming subscriptions or Roku hardware.
“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku)”
According to Roku’s breach notice, 15,363 customer accounts were affected in this breach. The number of accounts that were hit by fraudulent purchases is unknown.
Sensitive materials, such as birthdays or full payment details, were not exposed in this breach. However, hackers are well aware that a successful username and password combination may be reused across several websites or services. You need to stop reusing passwords and consider using a password manager . I also suggest using HaveIBeenPwned to see if your credentials have appeared in a public data breach.
Of course, customers can’t be blamed for this breach. Roku needs to take steps to prevent unauthorized account logins. If a Roku account can make purchases with a credit card, the account should be protected by two-factor authentication and other security systems. Roku currently offers two-factor authentication for its smart home products but does not provide the same protection for streaming accounts.
Roku published its data breach notice on Friday, March 8th. This notice will be sent to affected customers, though Roku has already forced customers to reset their passwords. The company also says that it has identified and reversed fraudulent purchases. You may have received a refund for a fraudulent purchase without realizing it, though you should still take a few minutes to investigate your Roku account and associated credit card bill.
Source: Roku via Bleeping Computer
Also read:
- [New] In 2024, Unveiling Secrets of Hulu Recording Across Windows/MacOS/iOS
- [Updated] 2024 Approved Mastering Viral Videos Creating Engaging Memes for FB/Insta
- 2024 Approved Instagram's Abandoned Followers Map
- Effective Ways To Fix Checkra1n Error 31 From iPhone SE
- How to Track a Lost Itel P55+ for Free? | Dr.fone
- Learning Constraints: The Grammar Factor?
- Ready, Set, Go! Accelerate Your PC's Warmup with Win11 Tips
- Top 10 Netflix Substitutes for Watching Films at No Cost: Explore the Best Options Available
- Troubleshooting Error Connecting to the Apple ID Server From Apple iPhone 6s
- Unveiling the Features of the Toshiba 55LF711U20: Smart Television for Amazon Prime Loyalists
- Unveiling the Potential: A Comprehensive Review of the New Apple iPad - Boosting Productivity with IPadOS
- Unveiling the Power of Google WIFI - Your Perfect Home or Office Networking Fix
- Unveiling the Quality: A Thorough Review of the BYB E430 Swing-Arm Lighting Solution
- Unveiling the Samsung Galaxy Tab S7 – A Premier Option in Mid-Tier Android Tablet Market
- Wondering About ChatGPT Plus Worthiness? Here Are 5 Reasons to Get on Board Now!
- Title: Repeat Password Mistakes Lead to Theft of 15,000+ Roku Accounts
- Author: Steven
- Created at : 2024-10-07 18:32:03
- Updated at : 2024-10-12 21:21:28
- Link: https://buynow-marvelous.techidaily.com/repeat-password-mistakes-lead-to-theft-of-15000plus-roku-accounts/
- License: This work is licensed under CC BY-NC-SA 4.0.