Roku Customers Advised to Check Credit Card Statements After Data Breach

More than 15,000 accounts were hacked in a credential stuffing attack that saw stored credit cards used for purchases.

If you have a Roku account, you might want to check your credit card statement, as the streaming service was reportedly breached, with accounts being used to make purchases.

The online world has become inundated with security breaches over the last few years, with everything from user data to financial information being compromised. The culprit is typically lax security on the part of big corporations, resulting in customers being at risk.

This appears to be the case for Roku, with a security breach leading to some serious consequences for its many users.

Roku Accounts Hacked in Breach

According to a security breach notice from Roku, the company was breached at the beginning of the year, giving hackers access to more than 15,000 user credentials. Even worse, the credentials were then sold to third-party services for as little as $0.50 per account.

The hackers in question then used a credential stuffing attack to gain access to accounts, where they were privy to passwords, email addresses, and shipping addresses. Fortunately, they didn’t get everything.

“However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” – Roku breach notification

Still, access to the accounts allowed hackers to make purchases on the account with stored credit card information, which resulted in fraudulent charges being found on account holder statements.

What Is a Credential Stuffing Attack?

A credential stuffing attack is a kind of cyber-attack that typically follows a security breach that sought to steal user credentials from a particular service. It describes the practice of using the stolen credentials to spam the service in question to gain access to accounts.

It’s a bit more complicated than just a person inputting stolen information, though. In most cases, the process is automated, with a bot being fed the stolen user information and trying to log in with it as often as possible.

More frustrating is the fact that, because credential stuffing attacks use legitimate user information to access accounts, there aren’t a lot of indicators that the account has been hacked, leading to even more lost data and money.

How to Protect Yourself Online

Security breaches like this are frustrating, because there isn’t a lot that individual users can do to protect themselves. This breach is largely the fault of Roku, and it allowed hackers to access thousands of user records, which were then used to steal financial information and make purchases. Even worse, Roku doesn’t allow for two-factor authentication, so you wouldn’t have been able to secure your account any further to keep this from happening.

However, you can take steps to be safer online, even if it won’t save you every time. Password managers are a good place to start, allowing you to store all your credentials in an encrypted vault. They aren’t infallible, of course, but they can help you shore up your online security with complex, unique passwords across your dozens, if not hundreds, of accounts.

The reality is, though, that additional security measures like two-factor authentication are the best way to keep these kinds of attacks at bay. Consequently, our recommendation for avoiding hacks in the future is to avoid services that don’t allow you to enable this advanced security measure. Otherwise, you’re at the whim of companies like Roku who clearly don’t value your online privacy enough to offer proper security protocols.

Written by:
Conor is the Lead Writer for Tech.co. For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at conor@tech.co.