Over 15K Roku Accounts Hacked And Are Being Sold, What To Know

In a notice sent to customers, Roku said hackers obtained login information and tried to purchase streaming subscriptions. The breach allowed hackers to gain access to over 15,000 accounts and stored credit card information. Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku said in a statement.

BleepingComputer reported that threat actors are selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases. When Roku first disclosed the data breach, they warned that 15,363 customer accounts were hacked in a credential-stuffing attack.

According to The Verge, this kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services. Once they gained access to an account, Roku hackers changed the login information for some accounts, allowing them to gain full control.

Roku said that it secured the impacted accounts and forced a password reset upon detecting the incident.

Additionally, the platform's security team investigated any charges due to unauthorized purchases performed by the hackers and took steps to cancel the relevant subscriptions and refund the account holders.

Legitimate account holders who got hijacked must visit "my.roku.com" and click on 'Forgot password?' to get a reset link on their email.

After accessing the account, go to the Roku dashboard and review the activity, connected devices, and active subscriptions to ensure everything is legitimate.

Roku does not support two-factor authentication, which can prevent hackers.

Roku is a provider of digital media and streaming. They offer streaming sticks, boxes, home automation kits, sound bars, light strips, and TVs equipped with their own operating system. This system grants users access to popular services such as Netflix, Hulu, and Amazon Prime Video.

As part of its revenue model, Roku facilitates the direct purchase of streaming subscriptions via user accounts. This allows customers to conveniently manage all their streaming services from a single platform.

Yet, in the process of subscribing, Roku securely stores customers' credit card details within their online accounts for seamless future transactions.

Most people like to think they're pretty tech-savvy. However, Cobalt Labs, Inc., a platform for security and development, reported that 2,220 cyberattacks occur each day, which equates to 800,000 attacks per year. According to AAG, an IT services company, nearly 1 billion emails were exposed in a single year, affecting 1 in 5 internet users.

In January, there was a data breach that exposed billions of records online. Many outlets referred to this breach as the "Mother of All Breaches."  In a detailed report from CyberNews.com, the leak included websites like Dropbox, Linkedin, and X (formerly known as Twitter). They mentioned in their report that if users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts. They added, "Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails."

There are many ways to tell if you have been hacked, from redirected internet searches and unexpected installs to rogue mouse pointers. Some studies show that random pop-ups that quickly appear with links or advertisements can be a sign. Sometimes, one may see fraudulent antivirus warning messages, saying that your computer has been hacked from an antivirus "software" you have never actually installed. This can also be unwanted browser toolbars, emails sent from your email to your contacts, and passwords being declined among other telltale signs.

For many years, people have been told over and over again about the risk of hackers tapping into your technology. Even as technology advances and more and more security software and management techniques are created to prevent these hacks, scammers continue to find ways to break in.

There's only one sure way to avoid getting hacked. And that's to never go online. Unfortunately, many of us don't have that option. So, check out some of the top mistakes that can get you hacked below.

Many of us are still using the same password across many different accounts. While it's pretty common, it's not a good habit to have. If you're reusing passwords for multiple websites and accounts, a hacker could potentially use that password to log into those accounts. Nobody wants to have to remember a 16-digit password for every single one of their accounts, especially when getting locked out of a computer or platform at the most inconvenient time. But if a security breach were to happen, that's one less problem to worry about. Like, remembering which accounts are at risk of a threat.

Personal data exposure is really a thing. When you share personal information on social media, you expose yourself to the risk of identity theft and fraud. According to the New York Institute of Technology, Cybercriminals can use the information you share, such as your full name, date of birth, and location, to impersonate you or launch targeted attacks. Most people know that sharing sensitive information such as your car information, address, work history, or phone numbers can make you vulnerable. But some people forget that this information can also be identified through pictures and innocent as sharing your new car photo or your child's first day of school photo.

Hackers can use unsecured Wi-Fi connections to distribute malware. If you allow file-sharing across a network, the hacker can easily plant infected software on your computer. Free public Wi-Fi is available almost everywhere at places like restaurants, hotels, airports, bookstores, and even retail outlets. But public wi-fi comes with risks. "Hackers can also use an unsecured Wi-Fi connection to distribute malware. If you allow file-sharing across a network, the hacker can easily plant infected software on your computer," said Kaspersky, a tech company. Some people highly recommended looking into a VPN to encrypt internet traffic and keep your data hidden.

Clicking on a suspicious link or phishing link can sometimes set off a malware download that often contains malicious files. According to Aura, a credit monitoring platform, these links are capable of collecting information stored on your device. Hackers can steal credit card numbers, bank account numbers, usernames and passwords, and other personal information. If you’ve clicked on a phishing link, Cyber Tec Security suggest completely disconnecting from the internet.

The last thing many of us want to do is update our software. But there are many reasons why it's important to do so. Software updates not only fix and improve problems with your software it also helps you avoid hackers. According to the University of Idaho, software updates often include patches that fix vulnerabilities or bugs that hackers can exploit to access your system or data. "By installing the latest updates, you can reduce the risk of cyberattacks and protect your personal and business information," they said.

One of the most effective things you can do to protect your online accounts is turning on multi-factor, or two-factor, authentication for as many of your accounts as possible. This method often uses a piece of information such as a code generated by an app or sent to your phone alongside a password. Two-factor authentication adds an additional layer of security to the authentication process. According to Tech Target, using multi-factor authentication makes it harder for attackers to gain access to a person's devices or online accounts. Most companies have this in place for their employers but it's something you can use for personal emails too.