Over 15K Roku Accounts Hacked in Credential Stuffing Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

On March 8, Roku disclosed that 15,363 customer accounts were compromised in a data breach incident, said to have occurred over a period of three months starting December 28, 2023.

In a breach notice filed with the Office of the Maine Attorney General, the popular streaming TV company revealed that the incident was first discovered on January 4, 2024. The attackers logged in with credentials exposed in third-party data breaches, then used the hacked account details to make fraudulent purchases.

“It appears likely that the same username and password combinations had been used as login information for such third-party services as well as certain individual Roku accounts,” Roku’s data breach notification revealed.

“As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts.”

On gaining access, the attackers not only changed the login details, like email IDs and passwords, but in a few instances also attempted to purchase streaming subscriptions and hardware.

The company was quick to assure the affected customers that despite the breach, the hackers were unable to access social security numbers, full payment account numbers, dates of birth, or other sensitive personal information.

Roku said that the impacted accounts were secured from “further unauthorized access” by forced password resets. In addition to notifying law enforcement, its security team investigated account activity for any fraudulent transactions.

Where any were found, steps were taken to cancel and refund the unauthorized subscriptions and charges.

Impacted customers were notified of the incident, and legitimate account holders were advised to visit “my.roku.com” and click on the “Forgot password?” button to receive a password reset link.

Users were also advised to review their subscriptions and connected devices linked to their accounts.

This is not the first time that Roku has been targeted by threat actors. The growing popularity of the streaming device has made it an easy target for actors with nefarious intentions. And because of the ways users interact with a Roku device and Roku’s services, scammers use many methods to con people, including device takeover, phishing emails, activation scams, and fake deals.

If your Roku account has been compromised, secure your account and fill out Roku’s scam report form immediately.

Ransomware Attack Paralyzes Duvel Brewery Operations

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

On March 5, Belgium’s Duvel Moortgat Brewery suffered a ransomware attack which adversely impacted its production facility, bringing it to a standstill.

“At 1:30 a.m. last night, the alarms went off in Duvel’s IT department because ransomware had been detected,” Duvel’s communications manager Ellen Aarts told the Belgian news publication Nieuwsblad.

“Therefore, production was immediately stopped. It is not yet known when it could restart. We hope to restart today or tomorrow,” Aarts continued.

Aarts reassured customers that distribution would not be affected and that Duvel’s availability would not change.

“We have more than enough beer in stock to cover this production stop,” Aarts said.

However, the press statement did not reveal whether any impact was suffered by the brand’s subsidiaries in Antwerp, Oudenaarde, and Achouffe.

At the time of writing, the attack has been claimed by the ransomware group Stormous. On March 7, a day after the attack, the Belgian brewer was added to the gang’s list of victims on its dark web page.

Belgium-based Duvel Moortgat is also well-known for other popular beers like Vedett, Maredsous, and La Chouffe.

The pro-Russia Stormous group is believed to have begun operations as early as mid-2021. According to Trustwave SpiderLabs, the group claims to have attacked 700 US websites and 44 American companies, including Coca-Cola, Mattel, Epic Games, and Danaher.

In its mission statement, the ransomware gang names governments and private organizations in the US, Ukraine, India, and other western nations as its targets. However, in January 2024, the gang breached Indonesian state-owned railway company Kereta Api Indonesia (KAI) and published a sample of stolen data on the dark web.

In August 2023, Stormous formed a ransomware-as-a-service (RaaS) partnership with five other hacker groups, collectively known as “The Five Families”. Jointly, the groups are known to deploy double extortion ransomware attacks on various business entities in multiple countries, including Cuba, India, Thailand, and China, among others.