Roku account hack | What the Tech?
ALBUQUERQUE, N.M. (WHAT THE TECH?) — This isn’t the biggest breach in recent years, but it’s an important one to pay attention to, whether you have a Roku account or not.
The credentials, logins and passwords, were leaked and now they’re for sale on the Dark Web for $0.50 each. “Bleeping Computer” discovered an ad showing instructions for the buyer.
It shows how to log into the accounts they purchased. It also shows how to charge things to the credit card, and then change the Roku email and password.
This will prevent the legitimate owner from logging into their accounts and they may not notice anything’s happened until after they get their credit card bill.
Beyond that, this hack is called “credential stuffing”. When a hacker gains access to someone’s password and email address, they begin trying the same combination on other services. If you use the same password for multiple accounts, once it’s stolen, hackers can and will, login and lock you out of those other accounts.
Even if you don’t have a Roku, you should check to see if your passwords and email address have been leaked in a data breach by going to the website haveibeenpwned.com. Notice the spelling there.
Enter your email address to see which services have leaked it. And then, most importantly, check your passwords here. An old and simple password I used a long time ago has been seen 275 times.
If you find one that’s been compromised, change it everywhere it’s being used.
Roku users should log in to their Roku account and verify where they’re logged in. Then, see if there’s an unfamiliar location or device, log out everywhere and change their password.
For more “What the Tech?” stories, click here.