Roku hit with second major breach of 2024, this time affecting 576,000 users

Share via:


Roku says it found another cyberattack on Friday that affected 576,000 users. This is the second breach to affect the company since March.

Roku says the attackers used the login information of account holders, a technique called credential stuffing, to gain access to the streaming service and the payment methods of some users. The hackers were then able to use partial credit card numbers from “about 400 cases” to make unauthorized purchases for subscriptions to streaming services and Roku devices. But the company said the hackers did not get sensitive information like full credit card numbers and addresses. 

The hackers used a method called credential stuffing, in which malicious actors take stolen usernames and passwords and try these credentials on different services. Roku says it’s possible third-party sources provided the login information. Hackers used the same method in March when 15,000 Roku user accounts were compromised and obtained credit card information. 

Roku says it has reset the passwords for affected accounts. It will refund or reverse charges for any purchases hackers made for the small number of users whose payment methods were used.

The company also enabled two-factor authentication for all 80 million active Roku accounts, even for users whose information was not part of the breach. It will send users a verification link to set their two-factor authentication. Requiring additional login steps, the company says, will help its security team “detect and deter future credential stuffing incidents.” 

As always, even if your account was not affected by the hack, it never hurts to check Have I Been Pwned? and to enable more login security measures.  



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Roku hit with second major breach of 2024, this time affecting 576,000 users


Roku says it found another cyberattack on Friday that affected 576,000 users. This is the second breach to affect the company since March.

Roku says the attackers used the login information of account holders, a technique called credential stuffing, to gain access to the streaming service and the payment methods of some users. The hackers were then able to use partial credit card numbers from “about 400 cases” to make unauthorized purchases for subscriptions to streaming services and Roku devices. But the company said the hackers did not get sensitive information like full credit card numbers and addresses. 

The hackers used a method called credential stuffing, in which malicious actors take stolen usernames and passwords and try these credentials on different services. Roku says it’s possible third-party sources provided the login information. Hackers used the same method in March when 15,000 Roku user accounts were compromised and obtained credit card information. 

Roku says it has reset the passwords for affected accounts. It will refund or reverse charges for any purchases hackers made for the small number of users whose payment methods were used.

The company also enabled two-factor authentication for all 80 million active Roku accounts, even for users whose information was not part of the breach. It will send users a verification link to set their two-factor authentication. Requiring additional login steps, the company says, will help its security team “detect and deter future credential stuffing incidents.” 

As always, even if your account was not affected by the hack, it never hurts to check Have I Been Pwned? and to enable more login security measures.  



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Trump says he wants to keep TikTok around ‘for...

With a US TikTok ban scheduled to take...

The biggest flops and fizzles in 2024 transportation, from...

Autonomous vehicle technology and electrification startups were once...

Indian edtech unicorn Vedantu cuts losses by 58%

It was supported by a 21% increase in...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!