Roku has reported a security breach impacting 15,363 accounts, where hackers accessed stored credit card information and attempted to buy streaming subscriptions. The breach occurred through credential stuffing, using previously exposed login details from third-party data breaches. The attackers changed login credentials and, in cases where credit card details were saved, made unauthorized purchases on services like Netflix and Hulu. The stolen account information is being sold for about 50 cents per account on hacking forums. Roku has responded by securing the affected accounts, prompting password resets, and working to reverse unauthorized transactions. Users are advised to check for potential credential exposure on HaveIBeenPwned and consider updating their Roku passwords.
Read more at: www.theverge.com