Roku confirms second major cyberattack, over 500,000 accounts thought to be at risk
Date:
Mon, 15 Apr 2024 12:17:47 +0000
Description:
Roku resets user passwords and sets up mandatory MFA, but some customers were charged for extra services.
FULL STORY ======================================================================
Top TV streaming service Roku has confirmed suffering a second major cyberattack, with this one affecting more than half a million users.
Late last week, Roku said that unnamed threat actors carried out a second wave of credential stuffing attacks, during which they managed to compromise 576,000 accounts.
In the first wave, roughly 15,000 accounts were breached.
"After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts," the company said in a breach notification.
"There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident."
Accessing accounts this way is always dangerous, as threat actors can obtain a vast database of valuable, personally identifiable information.
However, in this incident, they did more than that, apparently: "In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information."
Credential stuffing is a type of attack in which hackers first obtain login credentials elsewhere (for example, on a dark web forum), and then try them on different services to see if they work. They often do, since many people use the same username/password combination across multiple services.
Roku said its servers were not the source of the data leak, and to tackle the issue, it reset the passwords for everyone involved, and set up mandatory multi-factor authentication (MFA). Even those accounts that were not compromised in this attack are now forced to use MFA.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/roku-confirms-second-major-cyberattack-over-500000-accounts-thought-to-be-at-risk
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)