Tag Archive for: accounts

Unjected Data Breach: Security Lapse Exposes Thousands of User Accounts


Unjected, the controversial anti-vaccine dating platform, faces another bout of scrutiny as a recent security breach exposes the private data of over 35,000 users. 

The latest security problem, discovered by security researcher GeopJr, highlights alarming vulnerabilities within the platform’s infrastructure that could compromise user privacy and safety.

Unjected Hit by a Glitch

Unjected, a popular website that promotes anti-vaccine campaigns, is now affected by a glitch. The latest security issue exposes confidential information of some users.


GeopJr’s investigation reveals critical flaws in Unjected’s security measures, allowing unauthorized access to sensitive user information. The breach exposes personal details, including full names, birthdates, email addresses, and location data of thousands of users. Moreover, authentication issues enable malicious actors to manipulate user profiles and access private messages exchanged on the platform.

History of Security Concerns

This isn’t the first time Unjected has faced security-related controversies. In July 2022, GeopJr uncovered an open administrator dashboard, granting unauthorized access to crucial site functionalities. Despite attempts to rectify the issue, subsequent glitches and outages persisted, raising concerns among users regarding data protection.

Persistent Security Lapses

Despite being alerted to the security vulnerabilities by GeopJr and the Daily Dot, Unjected has failed to address the issues adequately. Efforts to patch the leak inadvertently exacerbated the situation, introducing additional vulnerabilities, including unauthorized account deactivation.

User Concerns and Insecurity

The breach has left users apprehensive about their privacy and safety on the platform. Direct messages reveal widespread distrust and unease among users regarding Unjected’s security practices. Concerns range from potential government surveillance to fears of hacking and data exploitation.

Response and Lack of Transparency


Thousands Of Roku Accounts Were Compromised By Hackers


Roku City used to be a safe and welcoming place filled with picturesque purple sunsets and nostalgia-fueled movie references. Now it’s just a glorified commercial. But this is how most cities evolve, so we shouldn’t be surprised. What is surprising is that the company is not very good at discouraging hackers from taking a quick vacation to Roku City, where they subsequently compromised nearly 15,000 accounts. Gotham sure looks like the preferred fictional city right about now.

The Hollywood Reporter revealed that 15,363 Roku accounts were compromised between December 28, 2023 and February 21, 2024. Filings in California and Maine indicate that hackers obtained login data from another source to try and purchase streaming subscriptions.

A company spokesperson told The Hollywood Reporter:

Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.

Bleeping Computer also reported that the stolen accounts were being sold for as little as $0.50 per account.

While it sounds scary, the company assured customers that the hackers did not gain access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” It seems like they really just wanted to log in to Hulu and see what Shogun is all about.

(Via The Hollywood Reporter)

Roku Suffers Data Breach, Hackers Sell Credentials of Hundreds of 15,000 Stolen Accounts


Streaming platform Roku officially discloses hackers have successfully breached its systems to steal more than 15,000 customer accounts containing sensitive information. Hundreds of the accounts are reportedly being sold online as the breach has given hackers access to the owner’s stored credit card information to make illegal purchases.

With over 80 million active users, the firm reportedly disclosed the hack on Friday in documents it filed with the attorneys general of Maine and California. Fifteen thousand three hundred sixty-three accounts were compromised between December 28, 2023, and February 21, 2024, according to the papers.

The documents show that hackers gained access to the accounts by obtaining login credentials from other sources, instead of getting into Roku’s system. Using a hacking technique called a credential stuffing assault, threat actors gather credentials that have been made public in past data breaches and then try to use them to access other websites.  

According to the firm, once an account was compromised, threat actors were able to alter all of the user’s data, including passwords, email addresses, and shipping addresses.

Roku clarified, however, that the unauthorized actors who gained access to the impacted Roku accounts did not have dates of birth, social security numbers, complete payment account numbers, or any other kind of sensitive personal information that needed to be disclosed.  

This essentially locked the user out of the account, enabling threat actors to utilize the saved credit card information to make transactions without sending order confirmation emails to the actual account holder.

According to BleepingComputer, several threat actors are employing the Open Bullet 2 or SilverBullet cracking tools to carry out credential-stuffing assaults. With the help of these apps, hackers can import custom configuration files made specifically to carry out credential-stuffing attacks against particular…

Hackers Are Selling Off Stolen Roku Accounts With Credit Card Details For 50 Cents Each


Account credentials and personal data are hot commodities online, often going up for sale at low prices so shady characters can move thousands of accounts quickly. This is reportedly what has happened to just over 15,000 Roku customers who had their accounts compromised due to credential stuffing attacks that occurred from December 28th, 2023, to February 21st, 2024. Thankfully, these attacks were detected and eventually halted, but not before threat actors made off with some valid information, allowing malicious data buyers to access the compromised accounts.

On January 4th this year, Roku detected and observed suspicious activity, indicating that some accounts may have been accessed without authorization. This triggered an investigation into the compromise, which found that threat actors were seemingly leveraging third-party sourced breach data and spraying those credentials against Roku to see what would work in a credential-stuffing attack. Of all the accounts attempted, 15,363 people had used the same email and password with Roku and whatever other platform was breached to gain the credentials.

The data breach notice explains that “after gaining access, [threat actors] then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.” Subsequently, Roku has moved to re-secure the compromised accounts and is stopping any unauthorized purchases or subscriptions made on the account. However, it would seem that Roku’s security team may not have caught some of these accounts, as Bleeping Computer reports that some are still available to purchase online for as low as $0.50 per account.

As such, the breach notice recommends that Roku users review all subscriptions on, and devices linked to, their accounts. Further, using a strong and unique password for accounts is good to prevent this sort of thing from happening elsewhere. If you believe you were compromised, it is also good security hygiene to monitor your credit accounts and other information just in case your identity is stolen or compromised.
