Roku has over 15,000 accounts hacked and sold on the dark web
Roku reports a data breach that compromised over 15,000 customer accounts. Roku is a company that specializes in digital media players for streaming entertainment to consumers' TVs.
The breach was the result of a credential stuffing attack, where threat actors use credentials from previous data breaches to access accounts on other platforms.
In this case, the attackers targeted Roku.com, succeeding in changing account details such as passwords, email addresses, and shipping addresses, thus locking out legitimate users. This enabled them to make unauthorized purchases using the stored credit card information without the account holders being notified.
The stolen accounts were also being sold for as low as $0.50 each on the dark web, allowing buyers to make illegal purchases of hardware and streaming subscriptions using the stored credit card details.
Roku responded by securing the affected accounts and enforcing a password reset. They also investigated any unauthorized charges, cancelling relevant subscriptions and issuing refunds where necessary. However, Roku does not currently support two-factor authentication, a feature that could prevent account hijacks even if credentials are compromised.
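The pattern described above (failed logins against many accounts from one source, then a successful login followed by profile changes and a purchase) can be flagged from authentication and account-event logs. The following is an added example, not Roku's code or part of the original article; the log schema, event names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not Roku's logs).
# Fields: timestamp, source IP, account, event type.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 alice login_fail
2024-03-01T10:00:02 203.0.113.7 bob login_fail
2024-03-01T10:00:03 203.0.113.7 carol login_fail
2024-03-01T10:00:04 203.0.113.7 dave login_ok
2024-03-01T10:01:10 203.0.113.7 dave email_change
2024-03-01T10:01:30 203.0.113.7 dave password_change
2024-03-01T10:02:00 203.0.113.7 dave shipping_change
2024-03-01T10:05:00 203.0.113.7 dave purchase
2024-03-01T11:00:20 198.51.100.4 erin login_ok
2024-03-01T11:30:00 198.51.100.4 erin purchase
"""

PROFILE_CHANGES = {"email_change", "password_change", "shipping_change"}

def parse(log):
    """Return (timestamp, ip, account, event) tuples from whitespace-separated lines."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return [(datetime.fromisoformat(ts), ip, acct, ev) for ts, ip, acct, ev in rows]

def stuffing_sources(events, min_accounts=3, window=timedelta(minutes=5)):
    """IPs whose failed logins hit >= min_accounts distinct accounts within window."""
    fails = defaultdict(list)
    for ts, ip, account, event in events:
        if event == "login_fail":
            fails[ip].append((ts, account))
    return {ip for ip, f in fails.items() for start, _ in f
            if len({a for t, a in f if timedelta(0) <= t - start <= window}) >= min_accounts}

def takeovers(events, window=timedelta(minutes=30)):
    """Accounts with login_ok -> profile change -> purchase from one IP within window."""
    state, hits = {}, []  # state: (ip, account) -> [login time, profile changed?]
    for ts, ip, account, event in sorted(events):
        key = (ip, account)
        if event == "login_ok":
            state[key] = [ts, False]
        elif key in state and ts - state[key][0] <= window:
            if event in PROFILE_CHANGES:
                state[key][1] = True
            elif event == "purchase" and state[key][1]:
                hits.append(account)
    return hits
```

On the sample, `stuffing_sources` flags the IP that sprayed three accounts and `takeovers` flags `dave`, while `erin`'s ordinary login and purchase is not reported.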