Roku says 576,000 user accounts hacked after second security incident | TechCrunch
(techcrunch.com)
from flop_leash_973@lemmy.world to technology@lemmy.world on 12 Apr 2024 19:38
https://lemmy.world/post/14217928
Jesus, again already?
This is the best summary I could come up with:
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.
In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts.
Roku said it refunded customers affected by the account intrusions.
Following the security incidents, Roku said it rolled out two-factor authentication to users.
Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts.
The original article contains 213 words, the summary contains 135 words. Saved 37%. I’m a bot and I’m open source!
At this point, why even consider getting a Roku?
Note, I rarely, if ever, use a TV anymore, so smart TVs have never appealed to me. But Roku seems to be very anti consumer (between the forced arbitration and their ad policy), so I don’t understand why someone looking to get a smart TV would actually want a Roku over an alternative.
Maybe I’m just poorly informed, but it just seems like almost anything else should be a better option?
I have used Rokus for a while. I have a stick, and a TV that came with it installed.
Pros: It’s cheap, and it works. Their interface isn’t perfect, but it’s good enough. It’s supposed to serve ads, but thanks to my pihole it’s just a blank rectangle taking up part of the screen. The app is serviceable. My wife and I can simultaneously stream the audio to our phones, and both listen with headphones, which means we can enjoy a movie even when the kids are asleep.
When I chose the platform originally, the other options were Google, Amazon, and Apple, and at the time they were still fighting over licensing each app and proprietary software. I also had a KODI HTPC at the time, and it’s still running 15 years later as a Plex media server. The Roku had a faster response time and easier navigation. Roku has a Plex app so I can still stream all the movies I have.
Cons: The stick is showing its age, and the new terms of service are just scary enough to put me on notice that I might need a new streaming device
If they ever show an advertisement or a commercial before or over top of something I’m watching, that will be the day I switch. Today, I would probably go with an nvidia shield, or maybe even a game console since they all run streaming apps now. But any system has the potential for enshittification.
For the TVs where Roku/FireOS/others I’m forgetting are the primary operating system, they subsidize the cost of the TV making it much cheaper compared to others, especially for the size. Of course, this lower price point comes at the cost of privacy and intrusion of advertising.
You literally can’t buy a non-smart TV anymore
Those are honestly not priced as bad as I thought for them not being able to sell your data.
Interesting. My local retailers offer no such thing, but maybe I should start going out of my way to get a dumb one.
I bought a couple Sceptre TVs six years ago, been great.
Those are LCDs at OLED prices. It's almost double what an equivalent smart TV is.
Because they are not getting any money off selling your data.
I got the cheapest 4k 55 inchers. I paid like $300 for it. My only complaint was the speakers, but a sound bar fixed that for me.
True, but you can (for now) buy a smart TV and never hook it up to the Internet/use the smart functions.
I have a little Linux micropc hanging off my “smart” LG TV - the TV is effectively a 52" monitor.
You literally can. They are called signage TVs.
Or just buying a regular TV and not connecting it to the internet. Signage TVs are specialized and will cost a lot more for a lot less.
Because nobody buys them? I have a reasonably nice 1080p60 dumb TV, and when I decide I want to upgrade, I’ll be looking at 4k (or maybe 8k) signage displays. Being part of an app ecosystem at this point is a design defect on a TV, and the superior product costs more, so fewer people buy it.
I also suspect the usable life of a smart TV is a lot lower, to the point that paying twice as much for a signage TV may not equate to twice the price in the long run. Fewer parts outside the panel that can slow down or fail entirely
Because they’re a specialty product sold to businesses not mass produced products sold to budget-minded consumers.
I also doubt they’re technologically superior as they’re just designed to display a static McDonalds menu for 18 hours a day, not play Dune in HDR at a massive bitrate. I’m no fan of tracking or similar corporate bullshit surrounding advertising but you’re making a lot of (almost entirely) assumptions here about these signage displays. You’ll likely be paying more than 2x the price of a comparable model considering these are likely equivalent to Black Friday TVs.
The prices are not bad on signage TVs and they sure as hell are not similar to Black Friday TVs. Black Friday TVs are known to have garbage parts. Companies are not going to put up with TVs that die quickly.
Then you will have to deal with their shitty, laggy UI. Signage TVs are not more expensive from what I have seen. They often have less features though like only 60 Hz and fewer inputs (mine only has two).
Do those signage TVs have similar tech to normal TVs? e.g. OLED screen, low latency mode, etc.?
Can’t find one with an OLED screen and I doubt there are any since that would likely lead to burn in. I can’t see a use case for low latency (assuming for gaming) on a signage TV so likely no. But for watching content, they work fine.
You could get an OLED monitor like the Gigabyte FO48U or the Asus PG42UQ and use it as a TV if you really wanted.
IIRC I’ve read the Roku TVs at least can be set up in an offline mode. Some of the other brands I’ve heard get obnoxious when not allowed to connect.
I use VLC and an HDMI cable…fuck services from any company. They are all untrustworthy and don’t give a damn about you or their product provided you see ads and they sell your information.
Remember that forced arbitration clause that was in the news last month?
What’s that?
Guess I’ll pick this moment to remind people that this forced arbitration thing is a scare tactic and is not legally binding. You can still sue (assuming you have the funds or a lawyer willing to work pro bono).
We all fucking knew it!!!
That’s why these mother fuckers forced that agreement a month ago
Honestly though, a bunch of other businesses and services started pulling that arbitration shit recently too.
Really? Which ones? So I can keep away from their shit too
Discord is another, goes into effect on the 15th
Good thing they didn’t let me in because they think my phone number is fake.
Strange, I’ve never given them a phone number
They want one now. Explicitly a mobile phone number, with a dropdown for country calling code.
Man I can’t remember off hand. I know LG has been doing that shit.
I got an email in the last week from either PayPal or Comcast with regards to arbitration. I threw it away.
Edit: Found it, it was Hulu
All signs point to Yes.
It wasn’t forced. You could opt out.
By sending a physical mail to their office, if what I’ve heard on smashing security is correct.
Correct. Are you unfamiliar with stamps and paper? Sure it’s dumb and unfair that they force such a thing, but it takes 10 mins instead of 10 seconds. They’re not requiring hand delivery.
Actually, I kinda am. I’ve only sent paper mail maybe once or twice in my life. I mean, it’s not so hard of course but still.
Agreed. Is exactly how I felt doing it. It’s not so hard, but still.
Oh, so you actually sent one? I don’t have a Roku device (I don’t think they are sold where I live). What did you write them? Did you get some kind of response? Have they made the pop-up go away, and can you use your device like normal?
I sent a letter with the info they asked for. No response. The popup was a one time thing for some people. I never even saw it, but I did get an email with the new tos (which is why I sent them the letter)
Device works fine. This never impacted anyone’s actual device in any way.
Bias Disclaimer: I’m a Roku fanboy.
Not just physical mail. The letter had to have the serial numbers of all devices associated with your account.
Sure, let me go digging behind my TV with all of my free time so that I can give you information you already have, dicks.
The agreement that was a pop-up you could only accept?
My dog answered that before I got a look at it. Is that legally binding?
Sure that argument is fine and all, but you could also just mail them a letter.
Both approaches are moot because you and I don’t have the money or time to fight a huge enterprise or to ~~bribe~~ lobby government officials.
TBF the report says this was done using credential stuffing, so it wasn’t really Roku’s fault.
Aw, right when everyone was starting to like you guys so much, too. Bummer!
I’ll put $10 on whatever org hacked them did it because they’re trying to put ads in HDMI lol.
You either die the hero, or live long enough to become the villain. Roku is definitely in full villain stage.
Insert you were the chosen one.gif
feels like you can’t even exist anymore without all your data getting leaked by someone who aggressively must consume as much of it as possible.
Hulu you can say, “well at least I can pirate and avoid giving my info up.” But what can you do against things like when Equifax was hacked?
There needs to be real privacy reform and real data privacy laws in the USA. bullshit ass second-tier country
Agreed the credit agency breaches are especially fucked since you don’t even have a say or not in participating.
Then they make you PAY to freeze your account. It’s a fucking racket.
Right after they made you sign a thing saying you can’t sue them lol
In which kind of country would that even be legal/enforceable lmao