Roku Data Breach: Over 15,000 Accounts Compromised; Data Sold for Pennies

 

A data breach impacting more than 15,000 consumers was revealed by streaming giant Roku. The attackers employed stolen login credentials to gain unauthorised access and make fraudulent purchases. 

Roku notified customers of the breach last Friday, stating that hackers used a technique known as "credential stuffing" to infiltrate 15,363 accounts. Credential stuffing is the use of usernames and passwords exposed in other data breaches to attempt to log in to accounts on other services. These attacks started in December 2023 and persisted until late February 2024, according to the company.

Bleeping Computer was the first to report the hack, pointing out that attackers used automated tools to carry out credential-stuffing attacks on Roku. The hackers were able to bypass security protections using techniques such as specific URLs and rotating proxy servers.

In this case, hackers probably gained login credentials from previous hacks of other websites and attempted to use them on Roku accounts. If successful, they could change the account information and take complete control, locking users out of their own accounts. 
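Rotating proxies keep every source address under a per-IP rate limit, so the attack only shows up when the login stream is examined as a whole. The following detector is an added example, not code from Roku or the original post; the log format, the thresholds and the `known_ips` history map are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

WINDOW = 300          # seconds per bucket (assumed)
MIN_ACCOUNTS = 20     # distinct accounts tried in one bucket (assumed)
MIN_FAIL_RATIO = 0.8  # share of failed attempts in the bucket (assumed)

def sample_log():
    """Constructed data: 40 proxy IPs each try one account once; 2 logins succeed."""
    attack = [f"2024-01-10T03:00:{i:02d}+00:00 203.0.113.{i} user{i} "
              f"{'OK' if i in (7, 23) else 'FAIL'}" for i in range(40)]
    normal = ["2024-01-10T09:00:01+00:00 198.51.100.5 alice FAIL",
              "2024-01-10T09:00:09+00:00 198.51.100.5 alice OK",
              "2024-01-10T09:01:30+00:00 198.51.100.9 bob OK"]
    return attack + normal

def find_stuffing(lines, known_ips):
    """Return (flagged buckets, accounts needing a forced password reset)."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        epoch = int(datetime.fromisoformat(ts).timestamp())
        buckets[epoch // WINDOW].append((ip, user, result == "OK"))
    flagged, to_reset = [], set()
    for key in sorted(buckets):
        events = buckets[key]
        accounts = {user for _, user, _ in events}
        fail_ratio = sum(not ok for _, _, ok in events) / len(events)
        if len(accounts) < MIN_ACCOUNTS or fail_ratio < MIN_FAIL_RATIO:
            continue
        per_ip = Counter(ip for ip, _, _ in events)
        flagged.append({"start": key * WINDOW, "accounts": len(accounts),
                        "source_ips": len(per_ip),
                        "max_attempts_per_ip": max(per_ip.values())})
        # A success inside a flagged bucket from an address the account has
        # not used before is treated as a likely takeover.
        for ip, user, ok in events:
            if ok and ip not in known_ips.get(user, set()):
                to_reset.add(user)
    return flagged, sorted(to_reset)

if __name__ == "__main__":
    known = {"user7": {"198.51.100.7"}, "alice": {"198.51.100.5"}}
    windows, resets = find_stuffing(sample_log(), known)
    print(windows)
    print("force reset:", resets)
```

In the constructed data no address makes more than one attempt, yet the bucket is flagged because 40 different accounts fail within five minutes; the two accounts that did log in are queued for a reset.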

The publication also found that stolen accounts are being sold for as little as 50 cents each on hacking marketplaces. Purchasers can then use the credit card information stored on these accounts to purchase Roku gear, such as streaming devices, soundbars, and light strips.

Roku stated that hackers used stolen credentials to acquire streaming subscriptions such as Netflix, Hulu, and Disney Plus in some instances. The company claims to have safeguarded the impacted accounts and required password resets. Furthermore, Roku's security team has discovered and cancelled unauthorised purchases, resulting in refunds for affected users. 

Fortunately, the data breach did not compromise critical information such as social security numbers or full credit card information. So hackers should be unable to perform fraudulent transactions outside of the Roku ecosystem. However, it is recommended that you update your Roku password as a precaution. 

Even if you were not affected, this is a wake-up call that stresses the significance of proper password hygiene. Most importantly, change your passwords every few months and avoid using the same password across multiple accounts whenever possible.

Netflix Password-Sharing Crackdown will Roll Out Worldwide Early Next Year

 

After a fall in its subscriber base in the first two quarters of this year, popular streaming platform Netflix will charge users an extra fee for sharing their passwords starting early next year.

After allowing customers to transfer their profiles to new accounts, the streamer says it will start letting users create sub-accounts in line with its plans to “monetize account sharing” more widely. 

The streaming giant confirmed it will roll out the $6.99 / month ad-supported tier, called Basic, on November 3rd in the US, Australia, Brazil, Canada, France, Germany, Italy, Japan, Korea, Mexico, Spain, and the UK. However, the company did not reveal how much subscribers will be charged for sharing their passwords with other users in India. 

Before implementing the password-sharing fee system, Netflix tested the scheme in Chile, Costa Rica, and Peru for about six months. This test established an account's primary residence as the "home" for the membership. 

If the service spotted streaming at any additional households for more than two weeks, it asked the user to set up a new account and pay for additional "homes". The company estimates more than 100 million people are currently using another household’s account worldwide. 

Subscription loss

Earlier this year in July, Netflix reported losing subscribers for the first time in over 10 years, with the firm’s subscriber count dipping by another 1.3 million in the US and Canada and 1 million worldwide last quarter. 

The company witnessed its highest growth when the pandemic hit in 2020 and people, stuck at home with limited entertainment options, flocked to monster hits like Squid Game and The Crown. It also pushed nearly all of Hollywood's significant media firms, including Disney Plus, HBO Max, Peacock, Paramount Plus, and Apple TV Plus, to pour billions of dollars into their streaming operations.

But as the situation normalized, Netflix struggled to attract new subscribers and maintain the loyalty of existing members, especially as there were multiple streaming options and the rising cost of living led people to cut back. Now, feeling the heat of intensifying competition for subscribers' attention, Netflix is pursuing strategies it had dismissed for years.

Amazon-owned Twitch Says Source Code Disclosed in Data Breach

 

Twitch, which is owned by Amazon.com Inc (AMZN.O), announced on Friday that last week's data breach at the live streaming e-sports platform includes documents from its source code. 

The streaming platform said in a statement that users' passwords, login credentials, complete credit card numbers, and bank data were not accessed or disclosed in the breach. The platform, which is used by video gamers to communicate with users while live streaming content, attributed the breach to an error in a server configuration change.

During server maintenance, modifications to the server's configuration are made. A flawed configuration can allow unauthorized access to the data stored on the servers. 

Twitch said it was "confident" the incident affected only a small number of users and that it was contacting those who had been directly impacted. The platform has more than 30 million average daily visitors. 

Video Games Chronicle had reported that about 125 gigabytes of data was leaked in the breach. The data includes details on Twitch's highest-paid video game streamers since 2019, such as a $9.6 million payout to the voice actors of the popular game "Dungeons & Dragons" and $8.4 million to Canadian streamer xQcOW.

About the breach

On October 6, Twitch confirmed that it had suffered a major data breach and that a hacker accessed the company’s servers due to an erroneous configuration change.

A Twitch spokesperson stated on Twitter, “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available.” 

The leaked Twitch data reportedly includes: 
  • The entirety of Twitch’s source code with commit history “going back to its early beginnings” 
  • Creator payout reports from 2019 
  • Mobile, desktop, and console Twitch clients 
  • Proprietary SDKs and internal AWS services used by Twitch 
  • “Every other property that Twitch owns” including IGDB and CurseForge 
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios 
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers) 

Twitch users are advised to enable two-factor authentication, which means that even if the password is hacked, the user will still need to use their phone to confirm their identity via SMS or an authenticator app.