Hackers probably obtained account data uncovered in earlier information breaches of third-party companies, Roku says. This sort of assault, known as credential stuffing, entails hackers getting the emails and passwords uncovered in information breaches and making an attempt the mixture on different companies. As soon as they gained entry to an account, Roku hackers modified the login data for some accounts, permitting them to realize full management.
If the account had saved bank card information, hackers may additionally buy subscriptions inside Roku for companies equivalent to Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others. Bleeping Pc additionally discovered that hackers are promoting the stolen data for round 50 cents per account on a hacking market.
One saving grace is that the Roku accounts didn’t reveal social safety numbers, full fee account numbers, or dates of delivery. Roku says it has since “secured the accounts from additional unauthorized entry” by asking affected customers to reset their passwords. It’s additionally working to cancel and refund unauthorized purchases. Even if you happen to weren’t affected by this information breach, it nonetheless may be price checking HaveIBeenPwned to see if any of your credentials have been uncovered lately. It additionally couldn’t harm to vary your Roku password.
