Is your Roku safe? Massive data breach exposes thousands of accounts
Hackers have stolen data from at least 15,363 Roku users, including credit card information, passwords and more.
According to Roku officials, hackers used information from third-party sources to break into accounts. They then sold user data for just $0.50 per account, according to BleepingComputer.
This effectively lets anyone who wants to pay 50 cents use the credit card stored in the account.
While Roku says they have secured affected accounts, you can still take steps to ensure your safety.
According to Roku, hackers obtained usernames and passwords from a third party. This is called a password stuffing attack. Hackers will try to use those logins on several websites, hoping to get your personal information. Once they do break into your account, your credit card information, shipping address, email, and password are all susceptible.
FRENCH GOVERNMENT HIT WITH 'UNPRECEDENTED' WAVE OF CYBERATTACKS
Roku has secured accounts and forced password resets on affected accounts. The company also investigated for fraudulent charges, canceled subscriptions and issued refunds to defrauded users.
MORE: HOW TO FIND OUT WHO'S SPYING ON YOU
We often hear of people wondering how someone else nearby can get access to their Roku device. Channels may change unexpectedly, content can be cast onto the Roku or the previously viewed shows may not be recognizable. If this happens, in addition to locking down your wireless home network and following advice in the next section, check your Roku settings for anything unusual. Here’s how.
MORE: HOW TO PROTECT YOURSELF FROM STREAMING HACKS
Roku announced the breach in a public memo sent to customers dated March 8, citing various information on what happened and what the company is doing to combat the issue:
"We are committed to maintaining the privacy and security of your Roku account and we are taking this incident very seriously. When we identified potentially impacted Roku accounts, we secured the accounts from further unauthorized access by requiring the registered account holder to reset the password, we investigated account activity to determine whether the unauthorized actors had incurred any charges, and we took steps to cancel unauthorized subscriptions and refund any unauthorized charges.
"We did not delay notification as a result of a law enforcement investigation, and we are providing this letter to notify you about these issues, to provide information about how you can further protect yourself, and to let you know that we are continuing our investigation to identify any additional appropriate steps. Finally, our team continues to actively monitor for signs of suspicious activity, to ensure that all customer information and data is kept secure."
If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow.
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device, so the hacker isn’t recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Enable two-factor authentication: You'll want to activate two-factor authentication for an extra layer of security.
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
MORE: HACKERS USE PIRATED SOFTWARE TO HIJACK MAC, ANDROID AND WINDOWS DEVICES
Who knew hackers could snag your info for less than a cup of coffee? The good news is Roku took action and locked things down. Plus, we now have a game plan to keep our accounts extra secure. Remember, the key is making it as tough as possible for hackers. Strong passwords, two-factor authentication — that kind of stuff. And keeping an eye on your accounts for anything fishy. If you think you've been hacked, don't panic. Just follow the steps we discussed — changing passwords, checking accounts and contacting your bank.
Do you think streaming services have a responsibility to do more to protect user data? Why or why not? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you'd like us to cover.
Answers to the most-asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.