Over 15,000 Roku Accounts Hacked in Security Breach
By Movieguide® Contributor
Roku recently disclosed that a security breach hacked over 15,000 accounts, using those accounts to attempt to purchase streaming subscriptions.
According to the Bleeping Computer, “On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack. A credential stuffing attack is when threat actors collect credentials exposed in data breaches and then attempt to use them to log in to other sites, in this case, Roku.com.”
The company explained that unauthorized actors likely “obtained certain usernames and passwords of consumers from third-party sources (that is, through data breaches of third-party services that are not related to Roku),” per Variety.
The company wrote, “It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts.”
“However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification,” the statement continued.
To provide better security for their customers, Roku took multiple action steps.
“When we identified potentially impacted Roku accounts, we secured the accounts from further unauthorized access by requiring the registered account holder to reset the password, we investigated account activity to determine whether the unauthorized actors had incurred any charges, and we took steps to cancel unauthorized subscriptions and refund any unauthorized charges,” the company noted.
Roku has done all it can to resolve the issues caused by the breach, and the streaming service is now asking consumers to take extra precautions to protect themselves from a similar incident.
Roku urged its customers to “Review the subscriptions and the devices linked to your Roku account. You can access that information from your Roku account dashboard. Always use a strong unique password for each of your online accounts. Remain vigilant against incidents of identity theft and fraud by monitoring your account activity, account statements, credit reports, and other online account information for suspicious activity and to report any suspicious activity promptly to your account provider or other applicable institutions.”
Movieguide® previously reported on Meta users’ accounts being hacked:
Forty-one state attorneys general have demanded immediate action from Meta due to the “dramatic increase” in account takeovers and lockouts occurring on Facebook and Instagram.
“Account takeovers are not a new phenomenon. This issue affects all social media platforms and other online accounts as well,” the attorneys general wrote in a joint letter to Meta’s chief legal officer, Jennifer Newstead. “However, the frequency and persistence of account takeover on Meta-owned platforms puts it in a league of its own.”
During an account takeover or lockdown, a bad actor will obtain access to a legitimate user’s account before switching their passwords and locking them out. The hacker may then use the account to message friends and family to scam them or to blackmail the original user, demanding money to restore access to the account.
- Content: +1Share:
- Content: +4