breached Archives - Times Wonderful News

AT&T resets thousands of user passwords as it confirms breached data was its own after all

Mass reset

Surely enough, last month, a seller published the full database, affecting 73 million people – and TechCrunch analyzed the database, confirming its authenticity, and also establishing that it contained user passcodes, prompting a swift alert towards AT&T.

Passcodes are four-digit numbers that work as the second security layer, and are used to access user accounts. Even though they were encrypted, some researchers argued that it is something that can be worked around. Apparently, there is not enough randomness in the encrypted data, which means that in theory, a threat actor could guess the passcode.

It seems the threat is more than just theoretical, as AT&T initiated a mass-reset of the passcodes over the weekend.

“AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” the company said in a statement published on Saturday. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.

While the telco did confirm the breach, it says that it still doesn’t know where the data came from, whether it was directly from its servers, or from its vendors.

More from TechRadar Pro

Over 15,000 Roku accounts have been breached – here’s what you need to know

[ad_1]

15,363 Roku accounts were compromised last year as bad actors gained access to a lot of sensitive data on the platform. Evidence suggests they obtained credit card information and attempted to make purchases.

This news comes from a pair of filings Roku made on March 8 to the attorneys general’s offices for Maine and California. They both come with a notice explaining exactly what happened. The document is publicly available if you want to get the full details. But the gist of it is that the hackers bought customer usernames and passwords from a third-party source and then proceeded to enter Roku accounts. This process is known as a credential stuffing attack, according to tech news site BleepingComputer who initially discovered the two notices.

After gaining access, the bad actors changed the account’s login information, locking out the original owner. Roku states the hackers also tried to buy streaming subscriptions using stored credit cards. Because the details were altered, account holders would not have received order confirmation emails if the hackers bought something.

Keeping safe

“The Maine filing states the attacks occurred on December 28, 2023 and February 21, 2024.” In response, Roku quickly “secured the accounts from further unauthorized access”. They then required registered owners to reset their passwords while it investigated the fraudulent activity. Experts at the company successfully stopped “unauthorized subscriptions” and refunded all the charges made under a user’s name.

They confirmed other types of sensitive information like social security numbers were not a part of the attack. Currently, Roku’s security team is watching for any further “signs of suspicious activity.”

A Roku representative didn’t offer much new information when reached for comment. In an email, they explained the attacks again, how they took immediate steps and added the team is taking the “incident very seriously.”

Roku’s rep did give us a list of what users should do moving forward. First, they suggest resetting your password by visiting the My Roku website.

If you’re having trouble accessing your profile, they ask that you contact the company for help. An assistance phone number can be found on the notice document. Next, check if any extra subscriptions or unknown devices have been added. Those will most likely belong to a hacker. You can find them on your account’s dashboard.

We also recommend entering your credentials into HaveIBeenPwned to see if your data has been leaked online. Roku states the incident only affects a “very small percentage” of subscribers, but it couldn’t hurt to check.

Diving deeper

Going back to the BleepingComputer report, the publication dove deeper into the situation, uncovering an online retailer selling stolen login credentials. And get this: you can buy access to a Roku account for as low as 50 cents.

Each listing comes with a set of instructions detailing how to change account details “to make fraudulent purchases.” What’s worse is these bad actors seemingly gloat on Telegram, posting screenshots of things they’ve bought using stolen credentials.

It’s unknown how these logins made their way online. It’s possible the credentials were taken from an earlier breach and then posted on the dark marketplace, but that’s just our best guess. It’s a pretty scary situation all around. If you want to know how to beef up your digital security, check out TechRadar’s list of nine tips to protect your online life.

[ad_2]

Source Article Link