Roku has disclosed a breach that allowed hackers to gain access to 15,363 accounts and stored credit card information, as first reported by Bleeping Computer. In a notice sent to customers, Roku says hackers obtained login information and tried to purchase streaming subscriptions in a “limited number” of instances.

Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku says. This kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services.

Once they gained access to an account, the hackers changed the login information for some accounts, allowing them to gain full control. If the account had stored credit card info, hackers could also purchase subscriptions within Roku for services such as Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.

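An added example, not from the original article or from Roku: one way a service could look for the pattern described above in its own authentication logs, by flagging sources that try many distinct accounts and mostly fail, then listing accounts where such a source logged in and went on to change credentials or make a purchase. The event names, thresholds and log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real data: (time, source IP, account, event)
EVENTS = [
    ("2024-03-01T10:00:00", "203.0.113.7", "ann@example.com", "login_fail"),
    ("2024-03-01T10:00:02", "203.0.113.7", "bob@example.com", "login_fail"),
    ("2024-03-01T10:00:04", "203.0.113.7", "cat@example.com", "login_ok"),
    ("2024-03-01T10:00:06", "203.0.113.7", "dan@example.com", "login_fail"),
    ("2024-03-01T10:00:08", "203.0.113.7", "eve@example.com", "login_fail"),
    ("2024-03-01T10:02:00", "203.0.113.7", "cat@example.com", "password_change"),
    ("2024-03-01T10:05:00", "203.0.113.7", "cat@example.com", "purchase"),
    # One user mistyping a password, then buying something: not stuffing.
    ("2024-03-01T11:00:00", "198.51.100.20", "fay@example.com", "login_fail"),
    ("2024-03-01T11:00:30", "198.51.100.20", "fay@example.com", "login_ok"),
    ("2024-03-01T11:03:00", "198.51.100.20", "fay@example.com", "purchase"),
    # Shared NAT address: many accounts, but every login succeeds.
    ("2024-03-01T12:00:00", "192.0.2.50", "gus@example.com", "login_ok"),
    ("2024-03-01T12:01:00", "192.0.2.50", "hal@example.com", "login_ok"),
    ("2024-03-01T12:02:00", "192.0.2.50", "ivy@example.com", "login_ok"),
    ("2024-03-01T12:03:00", "192.0.2.50", "jon@example.com", "login_ok"),
]

def stuffing_sources(events, min_accounts=4, max_success_ratio=0.5):
    """Source IPs that try many distinct accounts and mostly fail."""
    accounts, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, account, event in events:
        if event in ("login_ok", "login_fail"):
            accounts[ip].add(account)
            total[ip] += 1
            ok[ip] += event == "login_ok"
    return {ip for ip in total
            if len(accounts[ip]) >= min_accounts
            and ok[ip] / total[ip] <= max_success_ratio}

def takeover_candidates(events, window=timedelta(minutes=30)):
    """Accounts a flagged source logged in to, then changed or charged."""
    flagged = stuffing_sources(events)
    logins, hits = {}, defaultdict(list)
    # ISO timestamps sort chronologically as plain strings.
    for ts, ip, account, event in sorted(e for e in events if e[1] in flagged):
        when = datetime.fromisoformat(ts)
        if event == "login_ok":
            logins[(ip, account)] = when
        elif event in ("password_change", "email_change", "purchase"):
            start = logins.get((ip, account))
            if start is not None and when - start <= window:
                hits[account].append(event)
    return dict(hits)
```

On the sample data only `203.0.113.7` is flagged, and `cat@example.com` is the one account reported, with a password change and a purchase following the login.
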
Bleeping Computer also found that hackers are selling the stolen information for around 50 cents per account on a hacking marketplace. One saving grace is that the Roku accounts didn’t reveal social security numbers, full payment account numbers, or dates of birth.

Roku says it has since “secured the accounts from further unauthorized access” by asking affected users to reset their passwords. It’s also working to cancel and refund unauthorized purchases.

Even if you weren’t affected by this data breach, it still might be worth checking HaveIBeenPwned to see if any of your credentials have been exposed recently. It also couldn’t hurt to change your Roku password.

(Originally posted by Emma Roth)