Cybercriminals have targeted Roku in a recent credential stuffing attack, resulting in the compromise of over 15,000 customer accounts. Malicious actors obtained login credentials from third-party sources through data breaches unrelated to Roku and used them to access individual Roku accounts. While they were able to change login information and make unauthorized purchases, they did not gain access to sensitive information such as social security numbers or complete payment account numbers.
Roku has responded by identifying and protecting the affected accounts, requiring users to reset their passwords to prevent further unauthorized access. They also checked account activity to ensure no financial charges were incurred by cybercriminals. Roku canceled any unauthorized subscriptions and refunded all charges made by the attackers.
Credential stuffing attacks use stolen credentials to access multiple accounts simultaneously. Cybercriminals often target services where users reuse login information. In this case, attackers used tools like Open Bullet 2 or SilverBullet for the attack and sold stolen credentials on secondary markets.
Roku has advised affected users to reset their passwords through the “my.roku.com” website and recommended using unique and secure passwords for online accounts. They also encouraged users to review their subscriptions and linked devices regularly to monitor account activity. By staying vigilant for possible identity theft or fraud, users can detect and report any suspicious activity to their account provider.
In conclusion, Roku apologized for the incident and assured users that they are continuing to investigate the attack to ensure customer data security. They advised users to monitor their accounts and bank receipts for any unusual activity and to report any concerns promptly. Roku remains committed to protecting user information and preventing further attacks on their platform.
