Roku reports cyber breach impacting 576,000 accounts

Compromised data was used to make unauthorised purchases in fewer than 400 cases


Roku, a leading streaming service provider, has warned 576,000 of its users that their accounts have been compromised in a cyber breach discovered during an ongoing investigation into a previous intrusion from March.

Rather than directly compromising Roku's network through a security flaw, the hackers employed a "credential-stuffing" attack, the company said.

This technique involves hackers using previously leaked usernames and passwords to gain unauthorised access to user accounts, particularly when users use the same credentials across multiple platforms.
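Because credential stuffing reuses valid passwords rather than exploiting a flaw, the pattern a defender looks for in login telemetry is one source trying many different accounts with a high failure rate, which differs from a brute-force run against a single account. The following is an added example, not Roku's code or data: it parses constructed login-audit lines of an assumed `<timestamp> <ip> <account> <OK|FAIL>` format, flags sources that match the stuffing pattern, and lists the accounts a forced password reset should cover first.

```python
import re
from collections import defaultdict

# Constructed sample of login-audit lines (not real Roku data):
# "<timestamp> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2024-04-10T12:00:01Z 203.0.113.7 alice@example.com FAIL
2024-04-10T12:00:02Z 203.0.113.7 bob@example.com FAIL
2024-04-10T12:00:02Z 203.0.113.7 carol@example.com OK
2024-04-10T12:00:03Z 203.0.113.7 dave@example.com FAIL
2024-04-10T12:00:04Z 203.0.113.7 erin@example.com FAIL
2024-04-10T12:00:09Z 198.51.100.4 alice@example.com FAIL
2024-04-10T12:00:15Z 198.51.100.4 alice@example.com FAIL
2024-04-10T12:00:20Z 198.51.100.4 alice@example.com OK
2024-04-10T12:01:00Z 192.0.2.9 grace@example.com OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Return a list of (timestamp, ip, account, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, account, outcome = m.groups()
            events.append((ts, ip, account, outcome == "OK"))
    return events


def find_stuffing_sources(events, min_accounts=5, min_fail_ratio=0.6):
    """Map each suspicious source IP to (distinct accounts, attempts, successes).
    Stuffing = one source, many *different* accounts, mostly failing. A brute force
    against one account (198.51.100.4 above) keeps the account count at 1."""
    per_ip = defaultdict(lambda: {"accounts": set(), "attempts": 0, "ok": 0})
    for _, ip, account, ok in events:
        stats = per_ip[ip]
        stats["accounts"].add(account)
        stats["attempts"] += 1
        stats["ok"] += 1 if ok else 0
    flagged = {}
    for ip, stats in per_ip.items():
        fail_ratio = 1 - stats["ok"] / stats["attempts"]
        if len(stats["accounts"]) >= min_accounts and fail_ratio >= min_fail_ratio:
            flagged[ip] = (len(stats["accounts"]), stats["attempts"], stats["ok"])
    return flagged


def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged into successfully: reset these first."""
    return sorted({acct for _, ip, acct, ok in events if ok and ip in flagged})
```

The thresholds are assumptions to tune per service; the point is that a distinct-account count per source separates stuffing from ordinary failed logins, and the successful hits from a flagged source are the accounts most worth resetting and enrolling in two-factor authentication.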

Roku said there is no evidence indicating it was the source of the account credentials used in these attacks, and that none of its systems were compromised in either incident.

Despite the scale of the breach, the company assured its users that the hackers did not manage to access any sensitive data such as full credit card numbers or other payment details. However, the company did acknowledge that in fewer than 400 cases, the compromised data was used to make unauthorised purchases of hardware products and streaming service subscriptions.

The purchases were made using the payment methods stored in the affected accounts.

In response to the breach, Roku says it has taken steps to address the situation. The company has committed to refunding or reversing charges for the accounts where unauthorised purchases were made as a result of the attack.

As a precautionary measure, the company has reset the passwords for the affected accounts and is rolling out two-factor authentication across all user accounts to enhance security measures.

According to BleepingComputer, threat actors are using credential-stuffing tools such as Open Bullet 2 and SilverBullet to breach Roku accounts. The hijacked accounts are subsequently sold for as little as $0.50 each on illicit online marketplaces.

The sellers also provide instructions on how to use the stolen accounts for unauthorised purchases.

Roku, which boasts more than 80 million active accounts, has advised its users to create unique and strong passwords for their accounts and to enable two-factor authentication as an additional layer of security.

Cybersecurity experts have often warned against the dangers of using the same credentials across different platforms, emphasising the importance of using unique passwords for each online account to minimise the risk of unauthorised access.

Roku provides a variety of streaming devices, home automation kits, sound bars, and various other products powered by its specialised operating system, allowing users to access services such as Netflix, Amazon Prime Video, and Hulu.

To generate revenue, Roku permits customers to buy streaming subscriptions directly via their Roku account, consolidating all their streaming services into one account. Upon adding a subscription, Roku securely stores customers' credit card details in their online accounts to simplify future purchases.

Last month, Roku disclosed another data breach impacting more than 15,000 customers, amid reports that compromised accounts were being sold for as little as $0.50 each.

At that time, Roku said it had secured the affected accounts and initiated a password reset as soon as the breach was detected.