Over 15K Roku Accounts Hacked And Are Being Sold, What To Know
In a notice sent to customers, Roku said hackers obtained login information and tried to purchase streaming subscriptions. The breach allowed hackers to gain access to over 15,000 accounts and stored credit card information. Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku said in a statement.
BleepingComputer reported that threat actors are selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases. When Roku first disclosed the data breach, they warned that 15,363 customer accounts were hacked in a credential-stuffing attack.
According to The Verge, this kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services. Once they gained access to an account, Roku hackers changed the login information for some accounts, allowing them to gain full control.
Roku’s Solution
Roku said that it secured the impacted accounts and forced a password reset upon detecting the incident.
Additionally, the platform’s security team investigated any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.
Legitimate account holders who got hijacked must visit “my.roku.com” and click on ‘Forgot password?’ to get a reset link on their email.
After accessing the account, go to the Roku dashboard and review the activity, connected devices, and active subscriptions to ensure everything is legitimate.
Roku does not support two-factor authentication, which can prevent hackers.
Roku is a provider of digital media and streaming. They offer streaming sticks, boxes, home automation kits, sound bars, light strips, and TVs equipped with their own operating system. This system grants users access to popular services such as Netflix, Hulu, and Amazon Prime Video.
As part of its revenue model, Roku facilitates the direct purchase of streaming subscriptions via user accounts. This allows customers to conveniently manage all their streaming services from a single platform.
Yet, in the process of subscribing, Roku securely stores customers’ credit card details within their online accounts for seamless future transactions.
Top Mistakes That Can Get You Hacked
Most people like to think they’re pretty tech-savvy. However, Cobalt Labs, Inc., a platform for security and development, reported that 2,220 cyberattacks occur each day, which equates to 800,000 attacks per year. According to AAG, an IT services company, nearly 1 billion emails were exposed in a single year, affecting 1 in 5 internet users.
In January, there was a data breach that exposed billions of records online. Many outlets referred to this breach as the “Mother of All Breaches.” In a detailed report from CyberNews.com, the leak included websites like Dropbox, Linkedin, and X (formerly known as Twitter). They mentioned in their report that if users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts. They added, “Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails.”
Red Flags of Hacking
There are many ways to tell if you have been hacked, from redirected internet searches and unexpected installs to rogue mouse pointers. Some studies show that random pop-ups that quickly appear with links or advertisements can be a sign. Sometimes, one may see fraudulent antivirus warning messages, saying that your computer has been hacked from an antivirus “software” you have never actually installed. This can also be unwanted browser toolbars, emails sent from your email to your contacts, and passwords being declined among other telltale signs.
Avoid Getting Hacked
For many years, people have been told over and over again about the risk of hackers tapping into your technology. Even as technology advances and more and more security software and management techniques are created to prevent these hacks, scammers continue to find ways to break in.
There’s only one sure way to avoid getting hacked. And that’s to never go online. Unfortunately, many of us don’t have that option. So, check out some of the top mistakes that can get you hacked below.
Kayla is the midday host on Detroit’s 105.1 The Bounce. She started her career in radio back in 2016 as an intern at another Detroit station and worked her way here. She's made stops in Knoxville, TN, Omaha, Ne and other places before returning to Detroit. She’s done almost everything in radio from promotions to web, creating content on social media, you name it.
She’s a true Michigander, born and raised. So, you can catch her camping or vacationing up north to exploring the downtown Detroit or maybe even catching a sports game. During her free time, Kayla enjoys watching movies, roller-skating, crafting, and music festivals. She and her husband together dip into many of the great things Michigan has to offer. Together they also like to travel.
A few hobbies of hers include wine and beer tastings, crafting, hiking, roller skating, movies, home improvement projects, gardening, and festivals. She’s always looking to take on more local events happening in the community.
She loves connecting with the community. When writing, Kayla covers topics including lifestyle, pop culture, trending stories, hacks, and urban culture.