Hackers have stolen data from at least 15,363 Roku users, including credit card information, passwords, and more. According to Roku officials, hackers used information from third-party sources to break into accounts. They then sold user data for just $0.50 per account, according to BleepingComputer.
This effectively lets anyone who wants to pay $0.50 use the credit card stored in the account. While Roku says they have secured affected accounts, you can still take steps to ensure your safety.
Roku stuffing attack
According to Roku, hackers obtained usernames and passwords from a third party. This is called a password-stuffing attack. Hackers will try to use those logins on several websites, hoping to get your personal information. Once they do break into your account, your credit card information, shipping address, email, and password are all susceptible.
Roku has secured accounts and forced password resets on affected accounts. The company also investigated for fraudulent charges, canceled subscriptions, and issued refunds to defrauded users.
MORE: HOW TO FIND OUT WHO’S SPYING ON YOU
Someone else is controlling my Roku
We often hear of people wondering how someone else nearby can get access to their Roku device. Channels may change unexpectedly, content can be cast onto the Roku, or the previously viewed shows may not be recognizable. If this happens, in addition to locking down your wireless home network and following advice in the next section, check your Roku settings for anything unusual. Here’s how.
- On the Roku remote, press the home button to go to the main screen.
- Select “Settings,” then System, find Screen Mirroring, and make sure “none” is selected for others having permission to stream content to your Roku.
- Next, do the same for Remotes by selecting Remotes & devices from the Settings menu. Unless you have permitted others, you should not see any other remote control devices connected except yours.
- Now check the Guest Mode by clicking Guest Mode from the Settings menu. Make sure no other people are shown – who may have access to your Roku in Guest Mode.
- Finally, from the Settings menu, select System, then Advanced System Settings. Click Control by mobile apps and make sure you see either “default” or “disabled” selected so that no one else is using a mobile app to control your Roku.
MORE: HOW TO PROTECT YOURSELF FROM STREAMING HACKS
Roku’s response to the hack
Roku announced the breach in a public memo sent to customers dated March 8th, citing various information on what happened and what the company is doing to combat the issue.
We are committed to maintaining the privacy and security of your Roku account and we are taking this incident very seriously. When we identified potentially impacted Roku accounts, we secured the accounts from further unauthorized access by requiring the registered account holder to reset the password, we investigated account activity to determine whether the unauthorized actors had incurred any charges, and we took steps to cancel unauthorized subscriptions and refund any unauthorized charges.
We did not delay notification as a result of a law enforcement investigation, and we are providing this letter to notify you about these issues, to provide information about how you can further protect yourself, and to let you know that we are continuing our investigation to identify any additional appropriate steps. Finally, our team continues to actively monitor for signs of suspicious activity, to ensure that all customer information and data is kept secure.
What to do if you’ve been hacked
If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:
Change your Roku passwords
If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.
Enable two-factor authentication: You’ll want to activate two-factor authentication for an extra layer of security.
Monitor your accounts and transactions
You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
Use identity theft protection
Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using Identity Guard includes identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Special for CyberGuy Readers: Save up to 52% with my top recommendation is Identity Guard.
See my tips and best picks on how to protect yourself from identity theft.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
MORE: HACKERS USE PIRATED SOFTWARE TO HIJACK MAC, ANDROID AND WINDOWS DEVICES
Kurt’s key takeaways
Who knew hackers could snag your info for less than a cup of coffee? The good news is Roku took action and locked things down. Plus, we now have a game plan to keep our accounts extra secure. Remember, the key is making it as tough as possible for hackers. Strong passwords, two-factor authentication – that kind of stuff. And keeping an eye on your accounts for anything fishy. If you think you’ve been hacked, don’t panic. Just follow the steps we discussed—changing passwords, checking accounts, and contacting your bank.
Do you think streaming services have a responsibility to do more to protect user data? Why or why not? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
1 comment