Roku Has Apparently Been The Victim Of A Credential Stuffing Attack
A post from TV streaming company Roku has warned users that 576,000 accounts were hacked in a credential stuffing attack. And apparently there was another incident that compromised 15,000 accounts in early March:
Earlier this year, Roku’s security monitoring systems detected an increase in unusual account activity. After a thorough investigation, we determined that unauthorized actors had accessed about 15,000 Roku user accounts using login credentials (i.e. usernames and passwords) stolen from another source unrelated to Roku through a method known as “credential stuffing.”
And:
After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.
None of that is good. But Roku is at least doing two things right. First, it is enabling two-factor authentication, which should mitigate this attack. Second, it has notified affected users and reset their passwords. The post lists additional steps that you can take, so I would suggest you have a look at it to protect yourself further. My advice is to change your Roku password to something complex and unique: credential stuffing works by replaying passwords leaked from other services, so having a unique password for every online service is the best way to protect yourself from it.
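Roku's statement says its monitoring detected "an increase in unusual account activity". One way a defender spots credential stuffing in authentication logs is to look for a single source trying many different accounts in a short window with mostly failures, and then to list the accounts where that source did succeed, since those are the ones to reset and notify. The following is an added example, not Roku's tooling or code; the one-attempt-per-line log format, the thresholds and every sample line are constructed assumptions:

```python
"""Flag credential-stuffing sources in authentication logs and list the
accounts they got into. Added example; the log format (ISO timestamp,
ip=, user=, result=) and every sample line below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


@dataclass
class Attempt:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_line(line: str):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return Attempt(ts, m["ip"], m["user"], m["result"] == "ok")


def find_stuffing_sources(attempts, window=timedelta(minutes=5),
                          min_users=5, min_fail_ratio=0.8):
    """Return {ip: stats} for sources that, inside some `window`, tried at least
    `min_users` distinct accounts with a failure ratio >= `min_fail_ratio`.
    A real user mistyping their own password hits one account, so is not flagged."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)
    flagged = {}
    for ip, items in by_ip.items():
        items.sort(key=lambda a: a.ts)
        start = 0
        best = None
        for end in range(len(items)):
            # slide the window start forward until the span is at most `window`
            while items[end].ts - items[start].ts > window:
                start += 1
            win = items[start:end + 1]
            users = {a.user for a in win}
            fails = sum(1 for a in win if not a.ok)
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                # keep the window with the widest spread of accounts
                if best is None or len(users) > best["distinct_users"]:
                    best = {"distinct_users": len(users), "attempts": len(win),
                            "fail_ratio": round(ratio, 2)}
        if best:
            flagged[ip] = best
    return flagged


def likely_compromised_accounts(attempts, flagged_ips):
    """Accounts with a successful login from a flagged source: reset and notify these."""
    return sorted({a.user for a in attempts if a.ok and a.ip in flagged_ips})


def analyse(log_text: str):
    attempts = [a for a in map(parse_line, log_text.splitlines()) if a]
    flagged = find_stuffing_sources(attempts)
    return flagged, likely_compromised_accounts(attempts, flagged)


# Constructed sample: one source cycling through six accounts (one reused
# password still works), plus two ordinary users and a malformed line.
SAMPLE_LOG = """\
2024-03-02T10:00:00Z ip=203.0.113.5 user=alice@example.com result=fail
2024-03-02T10:00:01Z ip=198.51.100.7 user=grace@example.com result=fail
2024-03-02T10:00:03Z ip=203.0.113.5 user=bob@example.com result=fail
2024-03-02T10:00:06Z ip=203.0.113.5 user=carol@example.com result=fail
2024-03-02T10:00:08Z ip=198.51.100.7 user=grace@example.com result=ok
2024-03-02T10:00:09Z ip=203.0.113.5 user=dave@example.com result=fail
2024-03-02T10:00:12Z ip=203.0.113.5 user=erin@example.com result=fail
2024-03-02T10:00:15Z ip=203.0.113.5 user=frank@example.com result=ok
2024-03-02T10:01:00Z ip=198.51.100.9 user=bob@example.com result=ok
this line is malformed and is skipped
"""

if __name__ == "__main__":
    flagged, compromised = analyse(SAMPLE_LOG)
    print("stuffing sources:", flagged)
    print("accounts to reset:", compromised)
```

The per-source rule catches the simple case of one address working through a leaked list; a distributed campaign that spreads attempts across many addresses would need the same window logic applied per account (many distinct sources failing against one user) or a global failure-rate baseline, which is the direction a production detector takes.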
UPDATE: Experts with both Approov and Horizon3.ai offer their perspective on this:
Ted Miracco, CEO, Approov Mobile Security:
“While Roku’s efforts to implement two-factor authentication (2FA) and reset passwords for compromised accounts are commendable initial steps, they are woefully inadequate in the context of modern cybersecurity demands. The reliance on traditional security measures like 2FA and merely managing credentials exposes a fundamental misunderstanding of the current threat landscape, especially concerning API security.
“Today’s digital environment, where APIs serve as crucial gateways to vast amounts of sensitive user data, requires a much more robust defense strategy than what Roku has proposed. APIs, particularly those interfaced with mobile devices, are often the target of sophisticated bot attacks that cannot be thwarted by simple credential management or basic authentication protocols.
“A truly effective security posture demands the integration of advanced measures such as app attestation and token-based access controls. App attestation ensures that only legitimate, untampered versions of an application can interact with critical backend services, effectively neutralizing many potential threats at the source. Similarly, token-based access to APIs can provide a more secure and controlled method of managing interactions between devices and backend services, ensuring that each request is authenticated, authorized, traceable and short-lived.
“Roku’s response, while a step in the right direction, falls short of leveraging these advanced protective measures. It is imperative for Roku to enhance their security architecture beyond conventional methods to safeguard against the increasingly sophisticated and varied attack vectors of today’s cyber threats. Failure to do so could not only jeopardize user security but could also erode trust in Roku’s commitment to genuinely protecting its users.”
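The quote above asks that each API request be "authenticated, authorized, traceable and short-lived". As an added illustration, not Approov's product or Roku's code, here is one minimal way a backend can issue and check such a token: an HMAC-SHA256 tag binds the payload to the server key (authenticated), a scope field limits what the token may do (authorized), a random token id lets each request be found in logs (traceable), and an expiry a few minutes out limits the value of a stolen token (short-lived). The token format, field names, device identifier and key are constructed assumptions for this example.

```python
"""Issue and verify short-lived, scoped API tokens. Added example with an
assumed format: base64url(JSON payload) + "." + base64url(HMAC-SHA256 tag)."""
import base64
import hashlib
import hmac
import json
import os
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, subject: str, device_id: str, scope: str,
                ttl_seconds: int = 300, now=None) -> str:
    """Mint a token for one account, one device and one scope, valid for ttl_seconds."""
    now = int(time.time()) if now is None else now
    payload = {
        "sub": subject,              # account the token belongs to
        "dev": device_id,            # device identity (assumed to come from attestation)
        "scope": scope,              # what this token is authorized to do
        "iat": now,
        "exp": now + ttl_seconds,    # short lifetime limits replay of a stolen token
        "jti": _b64(os.urandom(12)),  # unique id so each request is traceable in logs
    }
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"


def verify_token(secret: bytes, token: str, required_scope: str, now=None):
    """Return the payload if the token is authentic, unexpired and authorized
    for required_scope; otherwise return None."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".", 1)
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        # constant-time compare; a mismatch means a forged body or a wrong key
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        payload = json.loads(_unb64(body))
    except ValueError:          # bad base64, bad JSON, or no "." separator
        return None
    if now >= payload.get("exp", 0):
        return None             # expired: the client must obtain a fresh token
    if payload.get("scope") != required_scope:
        return None             # authenticated, but not authorized for this endpoint
    return payload


if __name__ == "__main__":
    key = os.urandom(32)   # constructed key for the demo run
    tok = issue_token(key, "user-1", "device-A", "playback:read")
    print("accepted:", verify_token(key, tok, "playback:read") is not None)
    print("wrong scope rejected:", verify_token(key, tok, "account:write") is None)
```

Binding the "dev" field to an identity that attestation established is what ties the two measures in the quote together: a replayed password still has to be exchanged for a token on a device the backend trusts, and that token stops working a few minutes later.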
Stephen Gates, Principal Security SME, Horizon3.ai:
“As highlighted in our 2023 Year in Review, Proactive Cybersecurity Unleashed, credentials are still the number one issue we observe as the root cause of a data or account breach. Today’s attackers don’t typically use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network or user account; they simply log in with legitimate user credentials they stole through phishing campaigns or some other breach where credentials were compromised. From something as simple as a stolen credential, attackers can easily achieve domain compromise, host compromise, sensitive data exposure, critical infrastructure compromise, or ransomware exposure.”
This entry was posted on April 14, 2024 at 8:51 am and is filed under Commentary with tags Hacked, Roku. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.