Roku announced that nearly 576,000 accounts were affected by a data breach, following an earlier incident impacting 15,000 users. The unauthorized access was due to "credential stuffing," where hackers used stolen login credentials from another source. While some accounts were used to make unauthorized purchases, no sensitive payment information was compromised. Roku has reset passwords, enabled two-factor authentication for all accounts, and is refunding affected customers. They advise users to review their account information, use strong unique passwords, and remain vigilant against identity theft and fraud.
Roku reported a second security breach affecting over 576,000 accounts, with login credentials likely stolen from another source. The company reset passwords for affected accounts, refunded unauthorized purchases, and enabled two-factor authentication for all accounts. While only a small fraction of its 80 million active accounts were affected, Roku is implementing measures to detect and deter future incidents. Users are advised to create strong, unique passwords and remain vigilant for suspicious communications. This is the second breach for Roku in recent months, following a hack that exposed over 15,000 user accounts in March.
Roku experienced its second cyberattack of the year, affecting 576,000 users through credential stuffing, with hackers gaining access to payment methods but not obtaining sensitive information. The company has reset passwords, will refund unauthorized purchases, and enabled two-factor authentication for all accounts to prevent future incidents. Users are advised to check for potential compromises and enhance login security measures.
Streaming giant Roku confirms that over 576,000 user accounts were hacked using credential stuffing, with fewer than 400 accounts used for fraudulent purchases. The company has refunded affected customers and rolled out two-factor authentication to prevent future attacks. No sensitive user information or full credit card details were accessed in the breaches.
Roku has discovered a new data breach affecting 576,000 accounts, following a previous breach impacting 15,000 accounts. The breach, attributed to "credential stuffing," did not expose sensitive information but led to unauthorized purchases. Roku has reset passwords for affected accounts, notified owners, and plans to implement two-factor authentication for all accounts to enhance security.
Roku experienced a second security breach affecting 576,000 user accounts, with fewer than 400 cases involving unauthorized purchases. The company reset passwords, enabled two-factor authentication for all accounts, and is refunding or reversing charges for compromised accounts. No sensitive personal information was accessed, and Roku believes the login credentials used in the attacks were stolen from other sources. Users are advised to create strong, unique passwords and remain vigilant for suspicious communications.
Hackers breached 15,363 Roku accounts, accessing login information and attempting to purchase streaming subscriptions using stored credit card details. The attack, known as credential stuffing, likely leveraged information from previous data breaches of third-party services. While sensitive information like social security numbers and full payment account numbers was not compromised, affected users are advised to reset their passwords and monitor their accounts for unauthorized activity. Roku is working to secure affected accounts and refund unauthorized purchases, while users are encouraged to check if their credentials have been exposed and update their passwords as a precaution.
Chinese smart TV boxes sold on popular online retailers and resale sites were found to be infected with malware called Triada in a campaign named BADBOX. Over 200 models were discovered to have pre-installed malware, with 80% of the tested units infected. The malware delivered over four billion invisible ads per day. In another cybersecurity incident, software firm Blackbaud has settled with attorneys general from all 50 US states for $49.5 million over its deficient data security practices and inadequate response to a ransomware attack in 2020. Additionally, the Qakbot malware operation appears to be persisting despite an international takedown, and genetics firm 23andMe suffered a credential stuffing attack resulting in the theft of personal information, including genetic ancestry results.
An 18-year-old Wisconsin man has been charged with six counts of conspiracy, fraud, and identity theft related to a credential stuffing attack on a fantasy sports and betting site that impacted approximately 60,000 accounts. The charges carry a maximum sentence of 20 years in prison. The indictment did not identify the betting site, but DraftKings later released a statement saying it worked with law enforcement in the investigation. The suspect was found to have programs typically used for credential stuffing attacks and computer files containing nearly 40 million username and password pairs.
An 18-year-old Wisconsin man, Joseph Garrison, has been charged with six counts of conspiracy, fraud, and identity theft related to a credential stuffing attack on a fantasy sports and betting site that impacted approximately 60,000 accounts. The charges carry a maximum sentence of 20 years in prison, if convicted. Garrison surrendered to authorities in New York and was found with programs typically used for credential stuffing attacks and computer files containing nearly 40 million username and password pairs. The indictment did not identify the betting site, but DraftKings later released a statement saying it worked with law enforcement in the investigation.
An 18-year-old Wisconsin man, Joseph Garrison, has been charged with six counts of conspiracy, fraud, and identity theft related to a credential stuffing attack on a fantasy sports and betting site that impacted approximately 60,000 accounts. The charges carry a maximum sentence of 20 years in prison, if convicted. DraftKings confirmed that it was the targeted site and worked with law enforcement in the investigation. FanDuel was also affected by a November cyberattack, but a spokesperson for the sportsbook said they were not materially impacted.
