Roku’s Security Breach Exposes Over 15,000 Accounts to Unauthorized Transactions
Roku recently announced a security breach that affected over 15,000 customers, where attackers compromised accounts to conduct unauthorized transactions involving hardware purchases and streaming service subscriptions.
According to information obtained by BleepingComputer, cybercriminals are trading access to these compromised accounts for as little as $0.50 each. This access allows them to exploit stored payment details for illicit transactions.
Roku first made the breach public last Friday, identifying that 15,363 accounts were compromised via a credential-stuffing attack. This cyberattack involves using previously leaked login details to gain unauthorized access to accounts on different platforms, such as Roku’s website.
The breach allowed attackers to alter account details, such as passwords, email, and shipping addresses, effectively locking legitimate users out and facilitating unauthorized purchases without the users’ knowledge.
The company’s statement suggested that the compromised accounts might have shared login credentials with other services, making them vulnerable. Once inside, attackers could modify Roku account details and, in some instances, buy streaming subscriptions.
Upon detecting the breach, Roku took measures to secure the affected accounts, including mandatory password resets. The company’s security team also identified unauthorized charges, cancelled related subscriptions, and refunded the rightful account owners.
Impacted users are advised to reset their passwords via Roku’s website and review their accounts for suspicious activity, connected devices, or subscriptions. Roku currently lacks a two-factor authentication feature, which could provide an additional layer of security against such attacks.
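A credential-stuffing login uses a valid password, so one place to catch the takeover is the sequence the article describes after it: a login, then password, email or shipping-address changes, then a purchase on the stored card. The following is an added example, not Roku's detection logic; the event names, account ids, 30-minute window and two-change threshold are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Profile changes the article lists as altered after takeover (event names assumed).
SENSITIVE_CHANGES = {"password_change", "email_change", "shipping_address_change"}

# Constructed sample events: (ISO timestamp, account id, action). Not real logs.
EVENTS = [
    ("2024-03-01T10:00:00", "acct-1001", "login_success"),
    ("2024-03-01T10:02:00", "acct-1001", "email_change"),
    ("2024-03-01T10:03:00", "acct-1001", "password_change"),
    ("2024-03-01T10:05:00", "acct-1001", "shipping_address_change"),
    ("2024-03-01T10:09:00", "acct-1001", "stored_card_purchase"),
    ("2024-03-01T11:00:00", "acct-1002", "login_success"),
    ("2024-03-01T11:10:00", "acct-1002", "stored_card_purchase"),  # normal purchase
    ("2024-03-01T09:00:00", "acct-1003", "login_success"),
    ("2024-03-01T09:05:00", "acct-1003", "password_change"),
    ("2024-03-01T09:06:00", "acct-1003", "email_change"),
    ("2024-03-01T15:00:00", "acct-1003", "stored_card_purchase"),  # hours later
]


def find_takeover_sequences(events, window=timedelta(minutes=30), min_changes=2):
    """Return sorted account ids where a login is followed, inside `window`,
    by at least `min_changes` distinct sensitive changes and then a purchase
    on the stored payment method. Keyed on the account, not the source IP."""
    sessions = {}  # account -> (login time, set of change types seen since login)
    flagged = set()
    for ts, account, action in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if action == "login_success":
            sessions[account] = (when, set())
            continue
        if account not in sessions:
            continue
        login_time, changes = sessions[account]
        if when - login_time > window:
            del sessions[account]  # too long after login to count as one sequence
            continue
        if action in SENSITIVE_CHANGES:
            changes.add(action)
        elif action == "stored_card_purchase" and len(changes) >= min_changes:
            flagged.add(account)
    return sorted(flagged)


if __name__ == "__main__":
    print(find_takeover_sequences(EVENTS))
```

Flagged accounts are candidates for holding the order and forcing a password reset, the same remediation the article says Roku applied after the fact.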
From Breach to Black Market
BleepingComputer has reported that several cybercriminals are employing tools like Open Bullet 2 and SilverBullet to carry out credential-stuffing attacks. These tools are designed to automate the process of trying to steal usernames and passwords across various websites, including popular platforms like Netflix, Steam, Chick-fil-A, and Roku.
According to a cybersecurity expert, these attackers have explicitly targeted Roku for months using tailored configurations. These configurations help them circumvent traditional security measures such as brute-force protection and CAPTCHA verifications by utilizing specific URLs and cycling through proxy servers.
Once the attackers gain access to an account, they list it for sale on platforms dedicated to trading stolen account credentials. The buyers of these compromised accounts often alter the account details to make unauthorized purchases of electronic items like cameras, remotes, soundbars, light strips, and streaming devices using the saved payment information.
It has also been observed that these individuals tend to boast about their illicit purchases by posting censored confirmation emails on Telegram channels linked to these illegal marketplaces.
Ragul Thangavel
With over nine years of diverse professional experience, Ragul has made significant contributions across various domains, including Media Operations, OTT Technologies, Video Production, Ecommerce, and Social Media.
Holding an Engineering degree, Ragul's career took an unconventional turn when he discovered his passion for writing, leading him to begin his journey as a content writer.
His career has been exclusively dedicated to the growth and development of startups, where he has played a pivotal role. His unique blend of technical knowledge and creative prowess has enabled him to drive innovation and success in every venture he has been a part of.