Roku hit with second major breach of 2024, this time affecting 576,000 users


Roku says it found another cyberattack on Friday that affected 576,000 users. This is the second breach to affect the company since March.

Roku says the attackers used the login information of account holders, a technique called credential stuffing, to gain access to the streaming service and the payment methods of some users. The hackers were then able to use partial credit card numbers from “about 400 cases” to make unauthorized purchases for subscriptions to streaming services and Roku devices. But the company said the hackers did not get sensitive information like full credit card numbers and addresses. 

In credential stuffing, malicious actors take stolen usernames and passwords and try these credentials on different services. Roku says it’s possible third-party sources provided the login information. Hackers used the same method in March, when they compromised 15,000 Roku user accounts and obtained credit card information.

Roku says it has reset the passwords for affected accounts. It will refund or reverse charges for any purchases hackers made for the small number of users whose payment methods were used.

The company also enabled two-factor authentication for all 80 million active Roku accounts, even for users whose information was not part of the breach. It will send users a verification link to set their two-factor authentication. Requiring additional login steps, the company says, will help its security team “detect and deter future credential stuffing incidents.” 

As always, even if your account was not affected by the hack, it never hurts to check Have I Been Pwned? and to enable more login security measures.  


