Submitted 3 months ago by KingThrillgore@lemmy.ml to technology@lemmy.world
https://www.theverge.com/2024/3/12/24098398/roku-hackers-breach-credit-card-info
CALLED IT
The headline is misleading. Roku didn’t get hacked and leak accounts. There were ~15000 customers that had accounts accessed due to credential stuffing. Aka, they reused passwords on other sites that had leaks and hackers tried those credentials on their Roku accounts and got into them.
Yeah, but then both OP and The Verge wouldn’t have such a juicy headline for sick internet points and clicks.
It’s more accurate to say “~15,000 Roku users were hacked due to reused passwords”, and reusing passwords is one of the worst things you can do security-wise because if your password got leaked on one website (doesn’t even need to be the full password, just the hash would work), you are now entirely compromised everywhere you reuse that password.
That’s… very very different.
I don’t know if this qualifies as a proper hack. The attackers simply tried to reuse leaked credentials from other services to see if they worked on Roku.
It’s technically hacking according to the legal definition, but Roku isn’t at fault.
…they still forced everyone into arbitration over it
Just report this a clickbait and let the mods remove it. If Roku didnt get hacked, then that title has no reason to be here.
Good. Now burn to the ground and disappear from existence.
I’m a big proponent of self-hosting. I cancelled every streaming service years ago, and I host everything I want with Jellyfin and Navidrome. I’m very into certain genres of music, so I always make sure to buy merch or buy some albums on Bandcamp for the artists I really enjoy.
That being said, Roku does have its place. My older family members have lived their whole lives paying for shitty cable TV with 90% of the content something they have no interest in. Roku is a good alternative for them. It’s easy to set up, straightforward to use, and doesn’t cost much outside of the subscriptions for streaming services.
It’s been years since I’ve consumed any media that isn’t coming from my NAS, but the vast majority of people don’t have the knowledge or desire to set up a home media system. Mainstream smart-TV devices like Roku and streaming services like Netflix or Hulu certainly still have their place. They’re a shitty choice for people who enjoy tinkering with software and networking, but a good alternative for someone who just wants to watch TV but is fed up with the bullshit commercial-infested cesspool that is cable.
Also they’re a cheap TV you can install Plex and Jellyfin and the like to (I get that the cheapness comes from data theft and shit)
I buy Roku TVs because the other 50 inch panel I can get is $200 more and I plan to never use anything but the self-hosting, anyway
It’s also why my elderly relatives buy them and then ask me to set up my magic streaming box for them
This is the best summary I could come up with:
Roku has disclosed a breach that allowed hackers to gain access to 15,363 accounts and stored credit card information, as first reported by Bleeping Computer.
In a notice sent to customers, Roku says hackers obtained login information and tried to purchase streaming subscriptions in a “limited number” of instances.
Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku says.
This kind of attack, called credential stuffing, involves hackers getting the emails and passwords exposed in data breaches and trying the combination on other services.
If the account had stored credit card info, hackers could also purchase subscriptions within Roku for services such as Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.
Bleeping Computer also found that hackers are selling the stolen information for around 50 cents per account on a hacking marketplace.
The original article contains 247 words, the summary contains 139 words. Saved 44%. I’m a bot and I’m open source!
Needing a credit card just to use Roku has always been nonsense. I bought a gift card, spent all but $1 of it, and registered with that.
But I’ve since moved to Nvidia shield on the theater and onn on bedroom, office. Much better experience all around.
This, together with the recent "accept this new TOS that you'll never sue us or you can't access your TV" incident, makes me want to stay a good number of meters away from anything Roku.
I use privacy. Link current card so you can create merchant cards with restrictions. If it gets hacked just delete the card and create a new one. Also if you got charged once another charge from another merchant will not work. I can worry about 1 less thing in life, until privacy gets hacked…
I just got a $20 raspberry pi and sail the seven seas, streaming companies hate me.
welp, just changed my password to something ridiculous, good looking out.
You weren’t at risk unless you regularly re-use passwords.
Wasn’t their Roku account at risk?
Very misleading title
How in the hell do you find a 3 word title misleading?
Hackers didn’t hack roku. They “hacked” people who were dumb enough to reuse old, compromised passwords from other services. That is a very big difference from OPs title “roku got hacked”.
It is good for roku to disclose this, but the issue is that people reuse passwords.
God damn. Some people just want to argue and it doesn’t matter about what.
To provide perspective. Let’s pretend this title isn’t misleading (it is, but we’re playing Pretend), as of the fourth quarter of 2023, Roku reported a total of around 80 million active accounts worldwide. 15k accounts amount to 0.019% of active users.
If history is anything to go by, the initial report is often the tip of the iceberg.
Read the article. It’s not their fault.
Although what happened IS illegal.
qwertyqwertyqwerty@lemmy.one 3 months ago
Huh. It kind of puts that very recent mandatory arbitration agreement into question, doesn’t it?
pearsaltchocolatebar@discuss.online 3 months ago
Not really. This is just another case of people reusing passwords that have already been compromised from other leaks. Roku isn’t on the hook for this one.