Roku security breach: Over half a million user accounts impacted


In a shocking revelation from Roku, more than 591,000 user accounts have been compromised through credential stuffing attacks, which leverage login details stolen from other platforms. The breach, first detected earlier this year, unfolded in two incidents: malicious actors accessed 15,000 accounts initially and a staggering 576,000 more in a subsequent incident.
Roku’s investigations have clarified that these unauthorized accesses were orchestrated using credentials obtained from external sources, not from within Roku’s own systems, and no direct compromise of Roku’s systems was identified. Nevertheless, in a handful of cases (fewer than 400), the attackers made unauthorized purchases of streaming services and Roku hardware using the stored payment methods of the affected accounts. Fortunately, they did not gain access to sensitive payment information like full credit card numbers.

1Password thwarts hacking attempt linked to Okta security breach


Today, 1Password shared some news about a hacking attempt that happened in late September 2023. The company saw some suspicious activity in Okta, a software tool it uses to manage apps for its employees. This strange activity was later found to be connected to a known security issue with Okta’s support system.
On September 29, someone from 1Password’s tech team got a surprising email that helped them find this weird activity in their Okta software. They traced this activity back to a suspicious computer address. Someone unauthorized had got into the Okta software with high-level access. This situation looked a lot like known hacking attempts where bad actors get into high-level accounts to mess with security settings and pretend to be users within the company being targeted.