
Over 575,000 Roku accounts exposed to ‘malicious actors’

Smart TV operating system Roku was the victim of a low-level hacking incident in which hundreds of thousands of accounts were accessed. Some users had purchases made on their accounts.

After 15,000 Roku accounts were compromised in March 2024, the company discovered the attack in April 2024, with an additional 576,000 accounts said to have been affected.

According to Variety, a cyberattack known as “credential stuffing” was used: the online thief attempts to log into another online account, in this case Roku, using login credentials obtained from other hacks.

Roku reportedly claimed that its network was not the original source of users’ login credentials.

As for what the “malicious attacker” had access to, Roku said the hacker was able to use the account to make unauthorized purchases of streaming service subscriptions and Roku hardware products. The company says this was done in fewer than 400 cases, representing about 0.07% of the accounts that were compromised.

These accounts have been refunded or their charges reversed.

Additionally, Roku said the hackers did not gain access to sensitive personal information such as full credit card numbers or other payment information. It is unclear how the criminals were able to access the account and make purchases without viewing the non-sensitive data.

In response, Roku reset passwords for all affected accounts and enabled two-factor authentication for all Roku account logins.

“Although the total number of accounts affected is a small fraction of Roku’s more than 80 million active accounts, we have many controls and measures in place to detect and prevent future credential stuffing incidents,” the company said, according to Variety.

“[W]e sincerely regret that such an incident occurred and any confusion it may have caused. … The security of our accounts is our top priority and we are committed to protecting your Roku accounts,” Roku added.

Other data breaches

In a not-so-fun April Fool’s Day report, AT&T reported that the personal information of as many as 73 million current and former customers was posted on the dark web. The data breach reportedly also included users’ social security numbers.

“Based on our preliminary analysis, this data set appears to date from before 2019 and impacts approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said.

Meanwhile, DNA mapping company 23andMe has denied fault for a massive data security breach from 2023 and shifted the blame to users who “recycled” their passwords, according to a letter obtained by TechCrunch.

The security breach affected 6.9 million 23andMe accounts, nearly half of the company’s users, and sparked dozens of lawsuits.

The hack was also carried out through credential stuffing that opened access to 14,000 user accounts, allowing the hackers to access the data of millions of 23andMe users who opted in to the website’s DNA Relatives feature.

The company’s letter claims that “users have inadvertently reused or failed to update passwords following past security incidents, which are unrelated to 23andMe.”
