CALLED IT

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    This is the best summary I could come up with:


    Roku has disclosed a breach that allowed hackers to gain access to 15,363 accounts and stored credit card information, as first reported by Bleeping Computer.

    In a notice sent to customers, Roku says hackers obtained login information and tried to purchase streaming subscriptions in a “limited number” of instances.

    Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku says.

    This kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services.

    If the account had stored credit card info, hackers could also purchase subscriptions within Roku for services such as Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.

    Bleeping Computer also found that hackers are selling the stolen information for around 50 cents per account on a hacking marketplace.


    The original article contains 247 words, the summary contains 139 words. Saved 44%. I’m a bot and I’m open source!

  • skysurfer@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    The headline is misleading. Roku didn’t get hacked and leak accounts. There were ~15000 customers that had accounts accessed due to credential stuffing. Aka, they reused passwords on other sites that had leaks and hackers tried those credentials on their Roku accounts and got into them.

    • Poggervania@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      Yeah, but then both OP and The Verge wouldn’t have such a juicy headline for sick internet points and clicks.

      It’s more accurate to say “~15,000 Roku users were hacked due to reused passwords”, and reusing passwords is one of the worst things you can do security-wise because if your password got leaked on one website (doesn’t even need to be the full password, just the hash would work), you are now entirely compromised everywhere you reuse that password.

      • catloaf@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        8 months ago

        Assuming the hashes aren’t salted. Salting has been standard for years if not decades at this point.

        But of course that won’t stop people from rejecting mature libraries and rolling their own insecure implementations.