More than 15,000 Roku customer accounts were hijacked and used to fraudulently purchase hardware and streaming subscriptions. According to BleepingComputer, the attacker "sold the stolen accounts for as little as $0.50 per account, allowing buyers to make illegal purchases using stored credit cards." From the report: Roku first disclosed the data breach on Friday, warning that 15,363 customer accounts had been hacked in a credential stuffing attack. In a credential stuffing attack, a threat actor collects credentials exposed in other data breaches and tries them against unrelated sites, in this case Roku.com; it only succeeds against users who reuse the same password across services. The company said that once an account was compromised, the attacker was able to change account information such as the password, email address, and shipping address. This effectively locked the legitimate user out of the account and let the threat actor make purchases with the stored credit card without the account holder ever receiving an order confirmation email, since confirmations now went to the attacker's address.
"We believe the same username and password combination was likely used not only for a particular individual's Roku account, but also as a login for a third-party service," the data breach notification says. "As a result, an unauthorized attacker was able to obtain login information from a third-party source and use it to gain access to certain individual Roku accounts. After gaining access, they changed the Roku login information for the affected individual Roku accounts." Roku said it secured the affected accounts and enforced password resets upon detecting the incident. Additionally, the platform security team investigated any charges resulting from unauthorized purchases made by the hackers and took steps to cancel the related subscriptions and refund the account holders.
Researchers told BleepingComputer last week that attackers have been using a Roku "config" (a per-site script for credential stuffing tools) for several months to carry out credential stuffing attacks, targeting specific URLs and rotating through lists of proxy servers to bypass brute-force protection and CAPTCHAs. Successfully hijacked accounts are then sold on stolen-account marketplaces for as little as 50 cents; one marketplace listing shown in the report had 439 accounts for sale. The sellers also provide instructions on how to change the account details so that fraudulent purchases go through. Buyers of the stolen accounts take them over with their own information and use the saved credit card to buy cameras, remotes, soundbars, light strips, and streaming boxes. After making a purchase, they typically share a screenshot of the redacted order confirmation email on the Telegram channels associated with the stolen-account marketplace.
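The two patterns described above, a password spray spread across rotating proxy IPs so that no single address trips per-IP rate limits, and a successful login followed by profile changes and a purchase that the real owner never hears about, are both visible in ordinary authentication and account-event logs. The following is an added example written for this page, not code from the article, BleepingComputer or Roku. It assumes a simple one-line-per-event log format (timestamp, event name, `user=`, `ip=`, optional `result=`) and illustrative thresholds; the sample log is constructed. It illustrates both the credential stuffing definition in the first paragraph and the proxy-rotation detail in this one.

```python
"""Credential-stuffing and account-takeover detection over login/account logs.
Added example, not from the article or Roku; format, fields and thresholds are
assumptions and the sample lines below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed format:
#   <ISO-8601 UTC> <event> user=<email> ip=<addr> [result=ok|fail]
# Eight attempts in one minute, each from a different proxy IP against a
# different account, so per-IP rate limiting sees one request per IP. erin's
# reused password works and the account is re-pointed and used to buy;
# mallory is a normal user (login, purchase, no profile changes).
SAMPLE_LOG = """\
2024-03-08T10:00:01Z login user=alice@example.com ip=203.0.113.10 result=fail
2024-03-08T10:00:02Z login user=bob@example.com ip=203.0.113.11 result=fail
2024-03-08T10:00:03Z login user=carol@example.com ip=203.0.113.12 result=fail
2024-03-08T10:00:04Z login user=dave@example.com ip=203.0.113.13 result=fail
2024-03-08T10:00:05Z login user=erin@example.com ip=203.0.113.14 result=ok
2024-03-08T10:00:06Z login user=frank@example.com ip=203.0.113.15 result=fail
2024-03-08T10:00:07Z login user=grace@example.com ip=203.0.113.16 result=fail
2024-03-08T10:00:08Z login user=heidi@example.com ip=203.0.113.17 result=fail
2024-03-08T10:02:00Z password_change user=erin@example.com ip=203.0.113.14
2024-03-08T10:02:30Z email_change user=erin@example.com ip=203.0.113.14
2024-03-08T10:03:00Z shipping_change user=erin@example.com ip=203.0.113.14
2024-03-08T10:05:00Z purchase user=erin@example.com ip=203.0.113.14
2024-03-08T11:00:00Z login user=mallory@example.com ip=198.51.100.5 result=ok
2024-03-08T11:30:00Z purchase user=mallory@example.com ip=198.51.100.5
"""

SENSITIVE_CHANGES = {"password_change", "email_change", "shipping_change"}


def parse_events(text):
    """Parse log lines into dicts; 'ts' is a naive UTC datetime."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ev = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"), "event": parts[1]}
        for kv in parts[2:]:
            key, _, value = kv.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def detect_stuffing(events, min_attempts=8, min_spread=0.8, min_fail_rate=0.7):
    """Flag one-minute windows where login traffic is spread across many IPs
    and many accounts and mostly fails (thresholds are illustrative)."""
    buckets = defaultdict(list)
    for ev in events:
        if ev["event"] == "login":
            buckets[ev["ts"].replace(second=0, microsecond=0)].append(ev)
    alerts = []
    for start, evs in sorted(buckets.items()):
        n = len(evs)
        ips = {e["ip"] for e in evs}
        users = {e["user"] for e in evs}
        fails = sum(1 for e in evs if e.get("result") == "fail")
        if (n >= min_attempts and len(ips) / n >= min_spread
                and len(users) / n >= min_spread and fails / n >= min_fail_rate):
            alerts.append({"window_start": start, "attempts": n,
                           "distinct_ips": len(ips), "distinct_users": len(users),
                           "fail_rate": fails / n,  # successes = accounts to reset first
                           "successes": sorted(e["user"] for e in evs if e.get("result") == "ok")})
    return alerts


def detect_takeover(events, horizon=timedelta(minutes=30), min_changes=2):
    """Flag accounts where a successful login is followed within `horizon` by
    at least `min_changes` distinct profile changes and then a purchase."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    flagged = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, login in enumerate(evs):
            if login["event"] != "login" or login.get("result") != "ok":
                continue
            changes, bought = set(), False
            for later in evs[i + 1:]:
                if later["ts"] - login["ts"] > horizon:
                    break
                if later["event"] in SENSITIVE_CHANGES:
                    changes.add(later["event"])
                elif later["event"] == "purchase" and len(changes) >= min_changes:
                    bought = True
            if bought:
                flagged.append({"user": user, "login_ip": login["ip"],
                                "login_ts": login["ts"], "changes": sorted(changes)})
                break
    return flagged


def triage(log_text):
    """Accounts that both fell to a flagged stuffing window and show the
    takeover pattern: the first candidates for forced reset and order cancellation."""
    events = parse_events(log_text)
    stuffed = {u for a in detect_stuffing(events) for u in a["successes"]}
    taken = {f["user"] for f in detect_takeover(events)}
    return stuffed & taken
```

Running `triage(SAMPLE_LOG)` returns `{"erin@example.com"}`: the only account the spray got into is also the only one whose password, email and shipping address were changed before an order was placed, while mallory's ordinary login-then-purchase is not flagged. The stuffing detector deliberately keys on the spread of attempts across IPs and accounts rather than on volume per IP, because a proxy-rotating config produces roughly one attempt per address and stays under any per-IP threshold; the takeover detector keys on the sequence of profile changes, which is what let the buyers divert the order confirmations. In production the profile-change rule should also trigger a re-verification step through the address on file before the change takes effect, not just an alert afterwards.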