Cybersecurity and Entertainment
Entertainment devices are vulnerable
by Charles Parker
When people aren’t working, they tend to migrate towards some form of entertainment. One
outlet for this recreation is the Roku. The device allows the user to access multiple avenues of
entertainment. As part of the service, customers need to provide a credit card number and other
information.
Fortunately, this generally works very well for the customers. They log in to their subscription and
start their evening of leisure. Unfortunately, Roku recently had a little issue with a compromise.
Roku sent a notice to 15,363 of their customers. They noted the compromise disclosed the
customer accounts and their credit card information. Roku found the adversaries obtained login
information and attempted to purchase streaming subscriptions in a few instances. These could
have been for Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others.
The attack vector has not been detailed. It’s likely, though, that the attackers used a
credential stuffing attack. There have been so many breaches over the years that there’s an
expansive list of passwords for nearly every person. With automated attacks, all of these
and common variations of the known passwords can be checked in quick order.
The adversaries followed up by changing the login information for each account
once it was compromised. They have also been selling the stolen data. For this compromise,
the one positive was that the Roku accounts didn’t collect customers’ Social Security numbers.
This is another example of why people should have different passwords for their different
accounts. When a user has one or two passwords for everything and these are
compromised, the other accounts are fair game to be attacked.
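As an added example (not part of the original article and not Roku's code), the Python below shows how a defender could look for the pattern described above in login logs: one source trying many different accounts with mostly failed logins, then a change of login information on an account it got into. The log format, event names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real Roku data): time, source IP, account, event, outcome
SAMPLE_LOG = """\
2024-03-01T20:00:01 203.0.113.7 alice login fail
2024-03-01T20:00:02 203.0.113.7 bob login fail
2024-03-01T20:00:03 203.0.113.7 carol login fail
2024-03-01T20:00:04 203.0.113.7 dave login ok
2024-03-01T20:01:30 203.0.113.7 dave credential_change ok
2024-03-01T20:02:20 198.51.100.20 frank login ok
2024-03-01T20:30:00 198.51.100.20 frank credential_change ok
"""
WINDOW = timedelta(minutes=10)  # assumed correlation window

def parse(log):
    """Return events as (time, ip, account, event, outcome), oldest first."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(r[0]), *r[1:]) for r in rows)

def stuffing_sources(events, min_accounts=4, min_fail_ratio=0.6):
    """Sources that try many different accounts, mostly failing, inside WINDOW."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, user, event, outcome in events:
        if event != "login":
            continue
        q = recent[ip]
        q.append((ts, user, outcome))
        while ts - q[0][0] > WINDOW:      # drop attempts older than the window
            q.popleft()
        fails = sum(o == "fail" for _, _, o in q)
        if len({u for _, u, _ in q}) >= min_accounts and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    return flagged

def likely_takeovers(events, flagged):
    """Accounts whose credentials changed soon after a successful login from a flagged source."""
    last_ok, hits = {}, []
    for ts, ip, user, event, outcome in events:
        if ip not in flagged or outcome != "ok":
            continue
        if event == "login":
            last_ok[(ip, user)] = ts
        elif event == "credential_change" and ts - last_ok.get((ip, user), datetime.min) <= WINDOW:
            hits.append(user)
    return hits

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(stuffing_sources(ev), likely_takeovers(ev, stuffing_sources(ev)))
```

The ordinary user who logs in and later changes a password from a single-account source is not flagged; only the account reached from the many-account source is reported.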
About the author
Charles Parker II has been working in the info sec field for over a decade, in the banking,
medical, automotive, and staffing industries. Charles has matriculated and attained the MBA,
MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security
(ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and
SCADA.