More than 15,000 accounts hacked in a security breach of a streaming service | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The streaming service Roku has announced that a security breach allowed a group of hackers to access 15,363 user accounts and store credit card information.

Roku states in a notice sent to customers, which was echoed by Bleeping Computer, that hackers obtained login information and attempted to purchase streaming subscriptions in a “limited number” of cases.

According to Roku, it is most likely that hackers obtained this information from accounts exposed in previous hacks of other services. In this type of attack, known as “credential stuffing”, hackers obtain exposed emails and passwords from data breaches and test the same combination on other services.

Once they gained access to the accounts, the Roku hackers changed the login information of some of them, allowing them to take full control.

If the account had stored credit card information, the hackers could also purchase subscriptions within Roku for other services such as Netflix, Disney+, Max, Paramount Plus, Hulu, Peacock, and others. Bleeping Computer also discovered that the hackers are selling the stolen information for about 50 cents per account on a hacking marketplace.

The good news in all this is that Roku accounts did not reveal sensitive data, such as social security numbers, complete payment account numbers, or dates of birth. Roku claims to have “protected accounts from future unauthorized access” by asking affected users to reset their passwords. The service is also working to cancel and refund unauthorized purchases.

Even if this leak didn’t affect you, we recommend checking the website HaveIBeenPwned, where you can see if any of your email addresses have been compromised in recent hacks.

fbq(‘init’, ‘448368701978882’);
fbq(‘track’, ‘PageView’);


Click Here For The Original Story From This Source.


National Cyber Security