While investigating a previous attack, Roku found itself experiencing a second cyberattack.
What happened?
Smart TV provider Roku revealed that it encountered a second cyberattack affecting approximately 576,000 additional accounts.
This incident was discovered while investigating a previous breach that impacted 15,000 user accounts earlier in the year. While the hackers did not manage to access sensitive information like full credit card numbers or payment details, fewer than 400 accounts experienced unauthorized purchases of streaming service subscriptions and hardware products using the payment methods stored in those accounts.
The backstory
Roku experienced a security breach affecting 15,363 accounts between December 28 and February 21, 2024, allowing unauthorized access to sensitive data, including credit card information. Hackers used a credential stuffing attack to alter login information and attempted to purchase streaming subscriptions using stored data, preventing account holders from receiving confirmation emails. In response to these security challenges, Roku announced the implementation of two-factor authentication for all accounts to enhance security measures.
The breach was revealed through filings Roku submitted to the attorneys general offices of Maine and California on March 8, 2024.
Go deeper: Roku: More than 15,000 accounts breached
In the know
Credential stuffing is a cyberattack tactic employed by hackers who use stolen usernames and passwords obtained from past data breaches to infiltrate online accounts across diverse platforms. Cyberattackers streamline the process by utilizing automated tools to input these stolen credentials into login interfaces, capitalizing on individuals' inclination to recycle passwords across multiple accounts. This approach benefits from the widespread practice of users employing identical login details for various services, making it easier for hackers to gain unauthorized access to their accounts.
Related: Common password attacks and how to avoid them
Why it matters
While still investigating a previous breach, a second one occurred. The longer it takes for cyberattacks to be resolved, the worse the "initial" attack will be because cybercriminals continue to have access to sensitive information.
The fact that over half a million additional accounts were impacted raises concerns about the security of user data and the potential for financial losses due to unauthorized purchases. While Roku reassured users that sensitive information like full credit card numbers was not compromised, the incident still emphasizes the effectiveness of robust security measures like multi-factor authentication to prevent unauthorized access to personal accounts.
FAQs
How can individuals protect themselves from cyber threats?
Individuals can protect themselves from cyber threats by using strong, unique passwords for each online account, enabling two-factor authentication (2FA), keeping software and systems updated with the latest security patches, being cautious of suspicious emails or messages, and using reputable antivirus and security software.
See also: 5 Steps to improve password security in healthcare
How can I identify a credential stuffing attack?
Identifying a credential stuffing attack requires vigilance and awareness of certain sign:
- Multiple failed login attempts
- Unusual account activity
- Login from unfamiliar locations or devices
- Increased traffic or server load
- Patterns of failed logins
Tshedimoso Makhene
