Your browser is not Javascript enable or you have turn it off. We recommend you to activate for better security reasonOver 15000 Roku TV accounts hacked, sold - FlatpanelsHD

Over 15000 Roku TV accounts hacked, sold

19 Mar 2024 | Rasmus Larsen |

Roku users are urged to check their accounts for unauthorized access or purchases, as the company has disclosed a data breach impacting over 15,000 accounts.

Roku disclosed the data breach on Friday, March 11, stating that 15,363 accounts were hacked in a credential stuffing attack, where reused email addresses and password credentials from another leak were used to access Roku accounts.

However, the Roku accounts were not only breached but also sold for as little as $0.50 per account, according to a report by BleepingComputer.

- "A researcher told BleepingComputer last week that the threat actors have been using a Roku config to perform credential stuffing attacks for months, bypassing brute force attack protections and captchas by using specific URLs and rotating through lists of proxy servers," reported BleepingComputer. "Successfully hacked accounts are then sold on stolen account marketplaces for as little as 50 cents.

Weak Roku security

While attempts at credential stuffing attacks are common, Roku's weak security measures have reportedly made it possible to access accounts and use the credit card on file to purchase media or hardware such as Roku cameras, remotes, soundbars, or streaming boxes. According to BleepingComputer, Roku does not support two-factor authentication either. Roku is the leading TV platform in the US ahead of Amazon's FireTV, Samsung's Tizen, and Android TV. Weak security in Smart TVs is problematic as credit cards and personal data are on file. Some Smart TVs are also connected to smart home devices such as cameras. Apparently, the company's new 'Dispute Resolution Terms' that block the Roku device until a user agrees not to sue the company are in part related to the ongoing credential stuffing attacks, according to a source. Roku said that it has reset the password of affected accounts and in some cases refunded customers for fraudulent purchases. Affected customers must visit the Roku website and click 'forgot password'. - Source: Roku disclosure, BleepingComputer

Sign up for FlatpanelsHD's newsletter

The latest news, in-depth articles, reviews, and exclusives in your inbox.

Latest news

15 Apr 2024 | Rasmus Larsen |
LG webOS vulnerabilities
11 Apr 2024 | Rasmus Larsen |
Camerons 4K releases
10 Apr 2024 | Yoeri Geutskens |
Roku OS 13
10 Apr 2024 | Rasmus Larsen |
TCL monitors
10 Apr 2024 | Rasmus Larsen |
TCL C855
09 Apr 2024 | Rasmus Larsen |
Mortal combat retro
08 Apr 2024 | Rasmus Larsen |
Roku TV
08 Apr 2024 | Rasmus Larsen |