CALLED IT
This is the best summary I could come up with:
Roku has disclosed a breach that allowed hackers to gain access to 15,363 accounts and stored credit card information, as first reported by Bleeping Computer.
In a notice sent to customers, Roku says hackers obtained login information and tried to purchase streaming subscriptions in a “limited number” of instances.
Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku says.
This kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services.
If the account had stored credit card info, hackers could also purchase subscriptions within Roku for services such as Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.
Bleeping Computer also found that hackers are selling the stolen information for around 50 cents per account on a hacking marketplace.
The original article contains 247 words, the summary contains 139 words. Saved 44%. I’m a bot and I’m open source!
The headline is misleading. Roku didn’t get hacked and leak accounts. There were ~15000 customers that had accounts accessed due to credential stuffing. Aka, they reused passwords on other sites that had leaks and hackers tried those credentials on their Roku accounts and got into them.
Yeah, but then both OP and The Verge wouldn’t have such a juicy headline for sick internet points and clicks.
It’s more accurate to say “~15,000 Roku users were hacked due to reused passwords”, and reusing passwords is one of the worst things you can do security-wise because if your password got leaked on one website (doesn’t even need to be the full password, just the hash would work), you are now entirely compromised everywhere you reuse that password.
Assuming the hashes aren’t salted. Salting has been standard for years if not decades at this point.
But of course that won’t stop people from rejecting mature libraries and rolling their own insecure implementations.
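Added example, not part of the thread or of any code from Roku or the article: a minimal Python sketch of the salting point raised in the comments above. It stores the same constructed accounts on two hypothetical sites, once with an unsalted hash and once with a per-record salt, and compares the resulting dumps. The account names, passwords, function names and iteration count are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed demo value; tune to your own hardware budget


def unsalted_hash(password):
    """Plain SHA-256: the same password gives the same value on every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per stored record."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def matching_records(dump_a, dump_b):
    """Users whose stored value is identical in both dumps (reuse is visible)."""
    return sorted(u for u in dump_a if dump_a[u] == dump_b.get(u))


# Constructed accounts: user -> (password on site A, password on site B).
ACCOUNTS = {
    "alice@example.com": ("correct-horse-reused", "correct-horse-reused"),
    "bob@example.com": ("only-for-site-a", "only-for-site-b"),
}


def build_dumps(hasher):
    """Store every account on two independent sites using the given hasher."""
    site_a = {u: hasher(pw_a) for u, (pw_a, _) in ACCOUNTS.items()}
    site_b = {u: hasher(pw_b) for u, (_, pw_b) in ACCOUNTS.items()}
    return site_a, site_b


if __name__ == "__main__":
    print("unsalted:", matching_records(*build_dumps(unsalted_hash)))
    print("salted:  ", matching_records(*build_dumps(salted_hash)))
```

With per-record salts the two stored values for a reused password no longer match, so one site's dump cannot be used as a lookup table for another's. Salting does nothing once the plaintext password itself is known, which is why reuse remains the exposure in a credential stuffing incident.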
welp, just changed my password to something ridiculous, good looking out.
You weren’t at risk unless you regularly re-use passwords.
Wasn’t their Roku account at risk?
Only if they reused passwords. Roku didn’t get hacked.
Bad actors used credentials leaked in other hacks to gain access to accounts that use the same password everywhere.
I understand that. So can I assume Roku forced everyone to change their password then?