CALLED IT

  • skysurfer@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    9 months ago

    The headline is misleading. Roku didn’t get hacked and leak accounts. There were ~15000 customers that had accounts accessed due to credential stuffing. Aka, they reused passwords on other sites that had leaks and hackers tried those credentials on their Roku accounts and got into them.

    • Poggervania@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      9 months ago

      Yeah, but then both OP and The Verge wouldn’t have such a juicy headline for sick internet points and clicks.

      It’s more accurate to say “~15,000 Roku users were hacked due to reused passwords”, and reusing passwords is one of the worst things you can do security-wise because if your password got leaked on one website (doesn’t even need to be the full password, just the hash would work), you are now entirely compromised everywhere you reuse that password.

      • catloaf@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        9 months ago

        Assuming the hashes aren’t salted. Salting has been standard for years if not decades at this point.

        But of course that won’t stop people from rejecting mature libraries and rolling their own insecure implementations.