Roku Discloses 576,000 Account Hacks in Credential Stuffing Attacks

by | Apr 15, 2024 | News

Post Views: 542

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 3 Minutes

Roku has issued a warning after discovering that approximately 576,000 user accounts were compromised in a series of credential stuffing attacks, marking a significant escalation following a similar incident disclosed earlier in March.

The streaming platform revealed that threat actors exploited login information stolen from other online platforms to gain unauthorized access to a large number of active Roku accounts. Credential stuffing attacks involve automated tools attempting to log in using stolen user/password pairs, particularly effective when users reuse credentials across multiple platforms.

“After concluding our investigation of [the] first incident, we continued to monitor account activity closely and identified a second incident, which impacted approximately 576,000 additional accounts,” Roku stated on Friday.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses

Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Roku emphasized that the compromised credentials were not sourced from its systems, and there’s no evidence of a direct compromise of Roku’s infrastructure in either incident.

Of the affected accounts, fewer than 400 experienced unauthorized purchases of streaming subscriptions and Roku hardware products using stored payment methods. However, no sensitive payment information, such as full credit card numbers, was accessed by the attackers.

Threat actors leveraging credential stuffing attacks often use tools like Open Bullet 2 or SilverBullet to compromise accounts, which are then sold on illicit marketplaces for minimal costs, alongside guidance on making fraudulent purchases.

Stolen Roku accounts sold for as little as $0.50 (BleepingComputer)

Roku response

In response to the breach, Roku has reset passwords for all impacted accounts, initiated direct notifications to affected customers, and will refund unauthorized charges on affected accounts.

Trending: 10 Misconceptions about Hacking

Additionally, Roku has implemented two-factor authentication (2FA) and enabled it by default for all customer accounts, regardless of whether they were impacted by the recent attacks.

Roku advises users to create strong, unique passwords for their accounts and remain vigilant against phishing attempts or suspicious requests for login credentials.

This breach comes on the heels of a previous incident in March, where over 15,000 Roku accounts were compromised, underscoring the importance of robust security measures for the platform’s more than 80 million active users.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link