
Roku: More than 15,000 accounts breached


Hackers bought Roku account details for 50 cents each and used these details to lock out the original account owners.


What happened 

On December 28, 2023, and February 21, 2024, Roku faced a security breach affecting 15,363 accounts, leading to unauthorized access to sensitive data. Credit card information was among the compromised data, with evidence indicating purchase attempts. The breach was revealed through filings Roku submitted to the attorneys general offices of Maine and California on March 8. The filing documents disclose that hackers acquired customer credentials from a third-party source and employed a credential stuffing attack to breach Roku accounts. Once inside, the perpetrators altered the login information, effectively locking out the original owners. They also attempted to purchase streaming subscriptions using the stored credit card information. Account holders would not have received confirmation emails for these transactions due to the altered details. 



Going deeper 

BleepingComputer uncovered that Roku does not support two-factor authentication, which is a method used to prevent unauthorized access. This is likely how the hackers could lock Roku users out of their accounts after breaching them.

According to a researcher who spoke with BleepingComputer, threat actors have been utilizing Roku config (configuration files) to carry out credential stuffing attacks over the past several months. They have bypassed brute force attack protection and captchas by employing specific URLs while constantly rotating through an array of proxy servers. 

Accounts successfully hacked are being sold on black markets for as little as 50 cents. 


What was said?

According to TechRadar, Roku quickly “secured the accounts from further unauthorized access.” After discovering fraudulent activity, Roku required registered owners to reset their passwords. Roku experts successfully stopped unauthorized subscriptions and refunded all charges made under a user's name.

Roku confirmed that no other sensitive information, such as Social Security numbers, was affected by the breach. It also assured TechRadar and its users that its security team is monitoring the platform for any “signs of suspicious activity.”


In the know

Credential stuffing is a cyber attack method where hackers use stolen usernames and passwords, typically acquired from previous data breaches, and attempt to access multiple online accounts on different platforms. They automate the process by using software to input the stolen credentials into login pages, exploiting the tendency of people to reuse passwords across various accounts. This method relies on the assumption that many users use the same login credentials for multiple services, making it easier for hackers to gain unauthorized access to accounts. 
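As an added illustration (not from the original article, BleepingComputer, or Roku), the sketch below shows why a per-address brute-force limit misses a credential stuffing run that rotates through proxies, and how a site-wide window check catches it. The log format, thresholds, function names and sample events are all constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed events: (epoch_seconds, source_ip, username, success)."""
    events = [(5, "198.51.100.7", "user7", False), (8, "198.51.100.7", "user7", False)]
    # Normal traffic: 20 users, each logging in from their own address.
    events += [(i * 10, f"198.51.100.{i}", f"user{i}", True) for i in range(20)]
    # Stuffing run: 120 usernames, one try each, spread over 60 proxy
    # addresses; a few succeed because the password was reused.
    events += [(300 + i, f"203.0.113.{i % 60}", f"victim{i}", i % 40 == 0)
               for i in range(120)]
    return sorted(events)

def per_ip_lockout(events, max_failures=5):
    """Per-address brute-force control: flag IPs exceeding max_failures."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > max_failures}

def stuffing_windows(events, window=60, min_attempts=30,
                     min_fail_rate=0.8, min_user_ratio=0.9):
    """Flag site-wide time windows with many attempts, a high failure rate,
    and nearly every attempt naming a different username."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window].append((ip, user, ok))
    flagged = []
    for bucket, rows in sorted(buckets.items()):
        n = len(rows)
        fail_rate = sum(not ok for _, _, ok in rows) / n
        user_ratio = len({user for _, user, _ in rows}) / n
        if n >= min_attempts and fail_rate >= min_fail_rate and user_ratio >= min_user_ratio:
            flagged.append({
                "start": bucket * window,
                "attempts": n,
                "ips": len({ip for ip, _, _ in rows}),
                # Successful logins inside a flagged window: review and reset.
                "reset_candidates": sorted(u for _, u, ok in rows if ok),
            })
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP lockout flagged:", per_ip_lockout(sample))
    for w in stuffing_windows(sample):
        print(w)
```

On the constructed data, the per-address limit flags nothing because no proxy makes more than two attempts, while the window check flags both minutes of the run and lists the accounts that should have their passwords reset.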



Why it matters

The cyberattack on Roku might have been a result of inadequate cybersecurity measures. Had the platform supported security measures like 2FA, account users would have likely not been hacked due to the added layer of security that 2FA offers. 



What is the significance of cybersecurity measures?

Cybersecurity measures are essential for protecting against data breaches and other cyber threats. They involve implementing robust security protocols, encryption, access controls, regular software updates, employee training, and monitoring systems to detect and respond to suspicious activities.


How can individuals protect themselves from data breaches?

Individuals can take steps to safeguard their personal information by using strong, unique passwords for each account, enabling two-factor authentication, being cautious of suspicious emails or messages, keeping software and devices up to date, and regularly monitoring financial accounts for any unusual activity.



What role does compliance play in cybersecurity?

Compliance with regulations and industry standards such as GDPR, HIPAA, PCI DSS, and others is crucial for ensuring data protection and cybersecurity. Compliance frameworks provide guidelines and requirements for organizations to follow to mitigate risks and protect sensitive data.
