More than 15,000 Roku accounts were hacked and sold for 50 cents each

Roku has reported a cyberattack that impacted over 15,000 users. The compromised accounts were exploited for fraudulent purchases and subscriptions to streaming services. Moreover, media sources indicate that these hacked accounts are being sold in bulk on the darknet.

Roku is a producer of digital media players and focuses on streaming content, offering streaming sticks, set-top boxes, soundbars, and TVs powered by its specialized operating system. This allows users to access services such as Netflix, Hulu, and Amazon Prime Video.

Additionally, the company enables customers to purchase streaming subscriptions directly through their Roku account, allowing for centralized management of all services. When adding a subscription, Roku stores customers’ bank card information in the account for future purchases.

Roku representatives have now stated that 15,363 user accounts were compromised due to credential stuffing attacks. Following the breach, attackers could alter account information, including passwords, email addresses, and shipping addresses.

Credential stuffing typically refers to situations where usernames and passwords are stolen from one site and then used on another. Attackers have a pre-existing database of credentials (acquired from the darknet or independently gathered) and attempt to use this data to log in to various sites and services, impersonating their victims. In this case, the attacks targeted Roku accounts.

As a result, Roku users were locked out of their accounts, and hackers could make purchases using the victims’ saved bank card information. Legitimate account owners did not receive notification or order confirmation emails since the criminals had previously changed the email address.

Roku stated that after discovering the incident, they secured the affected accounts and enforced password resets. The platform’s security team conducted an investigation, and now the purchases made by the hackers will be canceled, with the owners of the compromised accounts receiving refunds.

According to Bleeping Computer, hackers have been conducting credential stuffing attacks on Roku accounts for several months, bypassing brute force protection and captchas using specific URLs and rotating proxy servers.

Successfully hacked accounts are then sold on the dark web for as little as 50 cents each. For example, the screenshot below shows the sale of 439 accounts at once.

More than 15,000 Roku accounts were hacked and sold for 50 cents each

Furthermore, the account seller provides instructions on how to alter account information to make fraudulent purchases. Those who acquire stolen accounts replace the data with their own and use the saved bank cards to buy cameras, remote controls, soundbars, streaming devices, and so on.

After making purchases, scammers often boast screenshots of order confirmation emails in Telegram channels.

More than 15,000 Roku accounts were hacked and sold for 50 cents each

It’s worth noting that Roku recently changed its dispute resolution policies, preventing users from proceeding until they accepted the new agreement. According to the new terms, users must first personally contact the company’s legal representatives (by phone or video conference) with any claims before filing lawsuits.

More than 15,000 Roku accounts were hacked and sold for 50 cents each

According to the publication, the new rules were partly related to credential stuffing attacks and financial fraud carried out through hacked Roku accounts. However, Roku informed Bleeping Computer that this information is not accurate.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment