Roku disclosed a second security breach in two months, disclosing that hackers breached over 576,000 customer accounts. Credential stuffing, a technique that hackers use to access additional accounts without authorization, led to the compromise of Roku customer data.
The cybercriminals used the saved payment information to make illegal purchases of Roku hardware and streaming subscriptions through the hacked accounts less than 400 times, Roku revealed in a statement on Friday. The company assured affected users that they had received reimbursements for these fraudulent transactions.
In spite of the security issue, Roku guaranteed its 80 million subscribers that the hackers could not access private user data or complete payment card information, according to TechCrunch.
Earlier Data Breach Impacted 15,000 Users
When Roku discovered this most recent problem, it was in the midst of alerting nearly 15,000 Roku customers about an earlier credential stuffing attempt.
According to a TechTimes report, the earlier breach, revealed in March, gave hackers access to stored credit card information, enabling them to make unauthorized transactions and sell hundreds of hacked accounts online.
The TV streaming firm discovered the information in records it sent to Maine and California attorneys general, according to reports released on Friday. The public records reveal that the breach impacted a total of 15,363 accounts from December 28, 2023, to February 21, 2024.
The filed documents state that hackers circumvented Roku’s internal procedures to take advantage of the accounts by using login credentials they had acquired from other sources. Threat actors use credential stuffing to enter other systems, leveraging publicly available credentials from previous data breaches.
Read Also: ChatGPT Upgrade: GPT-4 Turbo Model Now Better at Math, Coding, and More
According to Roku, once in, the hackers may change any user information, including passwords, email addresses, and shipping information. However, Roku clarified that the illegal access did not compromise sensitive personal data such as dates of birth, social security numbers, or full payment account details.
(Photo: Justin Sullivan/Getty Images) Roku’s company logo is seen in front of Roku headquarters on November 18, 2022, in San Jose, California.
Roku Users Urged to Create Stronger Passwords
Roku users were unable to access their accounts in the TV streaming platform, allowing threat actors to utilize stolen credit card information for transactions without sending order confirmation emails to legitimate account holders.
Due to cybersecurity concerns, Roku users must utilize two-factor authentication, which needs a time-sensitive code and login credentials. User account credential-stuffing may be prevented with this method.
Roku asks its customers to “be vigilant,” noting any “suspicious communications appearing to come from the company, such as requests to update your payment details, share your username or password, or click on suspicious links.” Roku recommends a “strong, unique password” for user accounts, per CBS News.
“We sincerely regret that these incidents occurred and any disruption they may have caused,” it said. “Your account security is a top priority, and we are committed to protecting your Roku account.”
Related Article: Conservative Think Tank The Heritage Foundation Hit by Cyberattack: Investigation Ongoing
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
