More than 15,000 Roku accounts affected by credential stuffing cyberattack

Roku has warned of a recent credential stuffing attack in which cybercriminals They managed to access more than 15,000 customer accounts to fraudulently purchase services and products using stored credit card information and then sell these accounts so that other buyers can make other fraudulent purchases.

The TV streaming platform has stressed that they take the privacy and security of their customers “very seriously” and, as part of their commitment to protecting user information, they have warned about a cybersecurity incident that has affected to multiple customer accounts.

READ ALSO: Honor Magic6 Lite: we tested the mid-range smartphone that has more than one reason to stand out | REVIEW

Recently, the Roku team detected suspicious activity indicating that certain customer accounts may have been compromised by malicious actors and, after conducting an investigation, they have confirmed that 15,363 accounts have been affected with unauthorized access in which cybercriminals attempted to purchase streaming service subscriptions.

As the company explained in an information document sent to its clients, after detecting the suspicious activity, they carried out an investigation to determine the scope of the attack, identify the accounts that had been affected and locate the personal information that may have been compromised.

Thus, the investigation detailed that unauthorized agents had obtained login credentials – usernames and passwords – from third-party sources, that is, through data breaches from services that were not related to Roku.

Afterwards, cybercriminals tried using these stolen login credentials to try to access Roku accounts. As a result, they found that some customers had used the same username and password combinations as logins for these third-party services, as well as for individual Roku accounts.

In this way, malicious actors were able to access more than 15,000 individual Roku accounts and, once inside, change the login information to prevent the account holder from accessing the service.

Even, as indicated by the company, “in a limited number of cases” cybercriminals used stored credit card information to purchase subscriptions to streaming services to which Roku offers access, such as Netflix or Amazon Prime Video, from the account of the affected users.

READ ALSO: The humanoid robot Figure 01 can now have conversations with humans thanks to OpenAI AI | VIDEO

Despite gaining access to users’ accounts, Roku has emphasized that malicious actors did not have access to sensitive information such as social security numbers, full payment account numbers, dates of birth or other information. staff.

Likewise, it has also stressed that, once the affected accounts were identified, they were protected from unauthorized access by asking the account holder to reset the password. Likewise, account activity was also checked to ensure that the cybercriminals had not incurred any financial charges.

Roku detected the account leak through credential theft. (ROKU/)

Following this line, Roku has stated that it canceled any possible subscriptions that were not authorized and refunded all financial charges in case the cybercriminals had made a purchase.

Account Disclosure

These types of attacks are known as credential stuffing, a modus operandi in which malicious actors use a set of stolen credentials to attempt to access multiple accounts at once. This is a method used by cybercriminals because users commonly repeat credentials in different services.

READ ALSO: TikTok, the social network that became the bone of contention between the United States and China

Following this line, as Bleeping Computer has learned, cybercriminals have used the Open Bullet 2 or SilverBullet tools to carry out these credential stuffing attacks.

Likewise, after obtaining access to these accounts, the same media has indicated that the unauthorized actors also began to disclose the users’ stolen access credentials, selling them to buyers for $0.50 per account, in secondary online markets and Telegram.

With the sale of these accounts, information on how to use it and make fraudulent purchases is included. Thus, buyers of these accounts used the stored credit cards to purchase other types of ‘hardware’ products to which Roku also offers access, such as cameras, sound bars or light strips.

How to protect your Roku account

For those users with affected accounts, Roku has indicated that they must visit the website ‘my.roku.com’ and click on ‘Forgot your password?’, after which they will receive a log-in link in their email.

READ ALSO: AMD: “When a new technology appears, Peru is one of the main countries to incorporate it”

In order to increase the protection of streaming service accounts, Roku has encouraged users to use a unique, secure password for each of the online services and accounts they use.

Likewise, it is also recommended that users review the subscriptions and devices linked to the Roku account, so that they take into account where the session is open and what services are available.

Finally, Roku has highlighted the importance of staying alert for potential incidents of identity theft and fraud. To do this, he advises periodically monitoring account activity, as well as keeping an eye on bank receipts, to detect any suspicious activity. This way, if any out-of-place movement is detected, users can contact the account provider or the company.

With all this, Roku has shared that it regrets this event and has apologized for any inconvenience caused to users. In addition, he has stated that they continue to carry out an investigation to determine if additional measures are necessary. Likewise, they also continue to look for signs of suspicious activity to prevent this attack from happening again, as well as to keep customer data safe.

Source: Elcomercio