Over 15,000 Hacked Roku Accounts Sold for 50 Cents Apiece

Bill Toulas, writing for BleepingComputer:

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. However, BleepingComputer has learned there is more to this attack, with threat actors selling the stolen accounts for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases. [...]

The company says that once an account was breached, it allowed threat actors to change the information on the account, including passwords, email addresses, and shipping addresses. This effectively locked a user out of the account, allowing the threat actors to make purchases using stored credit card information without the legitimate account holder receiving order confirmation emails.

More good news for Roku users, including the fact that Roku first discovered the hack in early January, and waited until now to notify affected users.

Wednesday, 13 March 2024