
Hacking 15,000 Roku Accounts is a great reminder to stop using the same password


 

If you're using your pet's name as a password for all your online accounts: stop immediately.

The recent privacy incident involving Roku is a reminder that you should always use unique passwords for all your accounts, even for services like Roku, which may seem less critical to protect than your online banking app.

On Friday, Roku notified customers that some accounts were affected by a data breach.

According to BleepingComputer, more than 15,000 Roku customer accounts were compromised. A Roku spokesperson declined to tell Business Insider the exact number of accounts affected.

Roku is committed to the privacy and security of its customers and takes this incident very seriously, the company said in a statement shared with Business Insider, adding that Roku immediately secured customer accounts.

According to the company, hackers obtained username and password combinations that Roku customers used on other, non-Roku websites and then used those same credentials to access each person's Roku account.

The company added that after gaining access to Roku accounts, the hackers changed customers' credentials and locked them out of their accounts. In some cases, hackers attempted to purchase a streaming subscription from a person's account.

This type of hack is called a credential stuffing attack and is not Roku's fault. Instead, the hack was made possible in part by customers using the same passwords across multiple accounts.

In credential stuffing, hackers take the credentials from one online account and use them to log into another. These username and password combinations are usually obtained through phishing attacks or data breaches. Sometimes the hackers sell your login information to other hackers, who can steal your information or use it to make purchases.

In the Roku attack, hackers sold Roku accounts for 50 cents each, BleepingComputer reports.
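
For service operators, this pattern shows up in login logs: one source tries many different accounts, usually once each, and most attempts fail. The sketch below is an added example, not code from Roku or the original article; the event format, thresholds, and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source trying six different accounts once each, with one hit.
    [("203.0.113.7", u, u == "dana")
     for u in ["alice", "bob", "carol", "dana", "erin", "frank"]]
    # A forgetful user: one account, several failures, then success.
    + [("198.51.100.20", "grace", ok) for ok in (False, False, False, True)]
    # An office NAT: several accounts, all logging in successfully.
    + [("192.0.2.50", u, True) for u in ["heidi", "ivan", "judy", "mallory", "niaj"]]
)

def flag_stuffing_sources(events, min_accounts=5, max_success_rate=0.2):
    """Flag sources that try many distinct accounts with few successes.

    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["hits"].add(user)

    flagged = {}
    for ip, stats in per_ip.items():
        # Success rate per distinct account, so retries on one account
        # (the forgetful user) do not look like a low-yield spray.
        rate = len(stats["hits"]) / len(stats["users"])
        if len(stats["users"]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {
                "accounts_tried": len(stats["users"]),
                "attempts": stats["attempts"],
                # Accounts that accepted a reused password: reset these first.
                "accounts_to_reset": sorted(stats["hits"]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

The accounts listed under `accounts_to_reset` are the ones where a reused password worked, which is where a forced password reset matters most.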

That sounds scary, but the good news is that there are things you can do to protect yourself from falling victim to these types of attacks.

The first thing you can do is be wary of phishing scams.

For example, never click on links you receive via email or text message, even if they appear to be from a reputable company. Phishers often send messages from email addresses that look almost exactly like real business addresses and redirect you to a fake website that looks exactly like the real one. Always use a search engine to go directly to the company's website.

And perhaps most importantly, always use unique, hard-to-guess passwords for all your accounts.

You don't even have to remember them all. The best way to keep passwords safe is to use a password manager, which can often generate strong, unique passwords for each account. Some services are paid, such as LastPass, while others are free, such as Bitwarden and Apple's iCloud Keychain.
