Following an investigation into unusual activity regarding login attempts using personal information from third-party data breaches, Roku said it has found over half a million additional accounts impacted by this problem.
In March 2023, Roku said hackers managed to access the accounts of 15,363 US residents following credential-stuffing activity that lasted a few months.
Basically, attackers used credentials from other data breaches and tried them on Roku. Since around 30 to 40 percent of users tend to use the same password on multiple accounts, compromising Roku accounts wasn’t difficult.
When the company investigated the initial problem, it found some 576,000 additional accounts were caught in this attack.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” said the company. “Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials.”
The problem is not necessarily that other people accessed the account, although this is a serious issue. It turns out that criminals, in around 400 cases, logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware using the payment method stored in these accounts. The good news is they had no access to credential card information.
Of course, Roku has reset all passwords for the affected accounts and notified the customers. More importantly, the company has enabled two-factor authentication (2FA) for all Roku accounts, even for those the recent incidents didn’t affect.
Use Bitdefender Digital Identity Protection to considerably improve your digital privacy and take action immediately after a breach. Key features include:
tags
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024