Roku Security Breach: Over 15K Users Compromised by Password Recycling
In a new breach notice, Roku says that hackers hijacked over 15,000 user accounts and used customers’ saved credit card information. However, Roku’s security was not compromised in this breach. This is a case of customers reusing old passwords.
An attack method called credential stuffing is responsible for this breach. Credential stuffing is incredibly simple—hackers take a list of known email and password combinations, dump each one into a website’s login field, and take note of any credentials that produce a successful login. The emails and passwords used in this breach were obtained from previous, unrelated data breaches.
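Seen from the login service's side, the pattern described above shows up as one source trying many different accounts and mostly failing. The following is an added example, not code from Roku or from the original article; the log format, the sample lines, and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: ISO timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 user01@example.com FAIL
2024-03-01T10:00:02 198.51.100.7 user02@example.com FAIL
2024-03-01T10:00:03 203.0.113.20 carol@example.com FAIL
2024-03-01T10:00:04 198.51.100.7 user03@example.com FAIL
2024-03-01T10:00:09 203.0.113.20 carol@example.com OK
2024-03-01T10:00:10 198.51.100.7 user04@example.com FAIL
2024-03-01T10:00:11 192.0.2.50 dave@example.com OK
2024-03-01T10:00:12 192.0.2.50 erin@example.com OK
2024-03-01T10:00:13 198.51.100.7 user05@example.com FAIL
2024-03-01T10:00:14 192.0.2.50 frank@example.com OK
2024-03-01T10:00:15 198.51.100.7 user06@example.com OK
2024-03-01T10:00:16 192.0.2.50 grace@example.com OK
2024-03-01T10:00:17 192.0.2.50 heidi@example.com OK
2024-03-01T10:00:18 198.51.100.7 user07@example.com FAIL
"""

WINDOW = timedelta(minutes=5)  # sliding window per source IP (assumed value)
MIN_ACCOUNTS = 5               # distinct accounts tried from one source
MIN_FAIL_RATIO = 0.8           # reused-credential lists mostly miss

def detect_stuffing(log_text):
    """Return {ip: accounts that logged in successfully while the ip was flagged}."""
    recent = defaultdict(deque)  # ip -> (time, account, success) inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((ts, user.lower(), outcome == "OK"))
        while ts - q[0][0] > WINDOW:  # drop events older than the window
            q.popleft()
        accounts = {u for _, u, _ in q}
        fails = sum(1 for _, _, ok in q if not ok)
        # Many distinct accounts AND mostly failures: a shared NAT address
        # with many successful users stays below the failure ratio.
        if len(accounts) >= MIN_ACCOUNTS and fails / len(q) >= MIN_FAIL_RATIO:
            flagged.setdefault(ip, set()).update(u for _, u, ok in q if ok)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The accounts returned for a flagged source are the ones to lock and force through a password reset. Attempts spread across many source addresses will not trip a per-IP rule, which is why account-level protections such as two-factor authentication still matter.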
Several individuals or groups may have participated in this attack. They likely used credential-stuffing tools like Open Bullet 2 to automate the attack process. And, as discovered by Bleeping Computer, compromised Roku accounts were sold on Telegram and other platforms for as little as 50¢ apiece. Buyers were encouraged to immediately change the login and recovery details for purchased accounts. In some cases, these buyers also used customers’ credit card information to purchase new streaming subscriptions or Roku hardware.
“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku).”
According to Roku’s breach notice, 15,363 customer accounts were affected in this breach. The number of accounts that were hit by fraudulent purchases is unknown.
Sensitive materials, such as birthdays or full payment details, were not exposed in this breach. However, hackers are well aware that a successful username and password combination may be reused across several websites or services. You need to stop reusing passwords and consider using a password manager. I also suggest using HaveIBeenPwned to see if your credentials have appeared in a public data breach.
Of course, customers can’t be blamed for this breach. Roku needs to take steps to prevent unauthorized account logins. If a Roku account can make purchases with a credit card, the account should be protected by two-factor authentication and other security systems. Roku currently offers two-factor authentication for its smart home products but does not provide the same protection for streaming accounts.
Roku published its data breach notice on Friday, March 8th. This notice will be sent to affected customers, though Roku has already forced customers to reset their passwords. The company also says that it has identified and reversed fraudulent purchases. You may have received a refund for a fraudulent purchase without realizing it, though you should still take a few minutes to investigate your Roku account and associated credit card bill.
Source: Roku via Bleeping Computer
- Title: Roku Security Breach: Over 15K Users Compromised by Password Recycling
- Author: Steven
- Created at : 2024-09-27 19:25:53
- Updated at : 2024-10-01 19:37:43
- Link: https://buynow-marvelous.techidaily.com/roku-security-breach-over-15k-users-compromised-by-password-recycling/
- License: This work is licensed under CC BY-NC-SA 4.0.