Roku warns of unauthorized access to hundreds of its customers' accounts
19/03/2024A Roku investigation, the company that manufactures media streaming devices running Roku software to access all kinds of streaming content, has revealed unauthorized access to hundreds of its users' accounts, "likely due to compromised login credentials obtained from third-party sources unrelated to Roku," they said. According to the company itself, these credentials were used to access Roku accounts, where changes were made, including attempts to purchase streaming subscriptions. However, in an official statement, Roku said that any sensitive personal data such as full payment account numbers could not be accessed. The affected accounts were secured and required password resets, as well as the cancellation of unauthorized subscriptions. Roku has announced that it will refund its users for all unauthorized charges. "What can I do if I can't access Roku? Roku has reset all passwords for accounts affected by these unauthorized accesses, so if we are holders of one of them, we may not be able to access it in the usual way. To regain access, we should go to my.roku.com and use the "Forgot your password?" option. Additionally, the company recommends reviewing subscriptions and devices linked to the Roku account from the Roku account Dashboard."
[ ... ]
Meta warns about the vulnerability in password recovery linked to the recycling of phone numbers
22/02/2024Meta, a leader in social media, has announced that it will not assume responsibility for personal account theft on Instagram and Facebook related to password recovery through the use of recycled phone numbers. The company argues that it lacks control over telecommunications providers and users involved in this practice. Phone number recycling: an overlooked risk in a recent statement Meta revealed its inability to manage personal account thefts that occur when phone numbers are recycled by telecommunications carriers. This common practice among mobile phone companies involves reassigning discarded numbers to new customers, making them owners of a number previously used by another user. In countries like Spain, carriers wait for a period of 30 days before reassigning a number, but the risk persists if users do not unlink the number from digital services or associated platforms, such as social networks and emails. The danger of not unlinking phone numbers from digital accounts When users deactivate a phone number, whether due to a change of carrier or any other reason, carriers must wait before reassigning the number. However, failure to unlink this number from digital services can result in unauthorized access to personal accounts. In many services, linking the phone number is allowed for actions such as resetting passwords. Users, upon receiving a verification code on their number, can complete the login without the need for email validation or a password. This process, though accepted, can lead to unintentional unauthorized access. Meta warns users about the importance of unlinking phone numbers from digital accounts when deactivating them, insisting on the need to update associated information to prevent account theft.
[ ... ]
Macro cyber-attack affects more than 350 companies worldwide
07/07/2021The number of companies that have suffered from the REvil macro cyberattack now exceeds 350 organizations worldwide from which the cybercriminals are demanding 70 million in bitcoins to provide them with a universal decryptor to restore their data. The attack was conducted through the update system of IT services software company Kaseya, which REvil exploited to spread and hide ransomware. The virus was leaked to TI Kaseya resellers and from there has reached all end customers using their software. The official data provided by TI Kaseya sets the number of affected companies at 350, although other sources such as the cybersecurity company ESET talk about more than 1,000, including some Spanish organizations, although no names have been disclosed. It has been made public that one of the companies most affected by the cyberattack has been the Swedish supermarket chain Coop, which has had to close its more than 800 points of sale for a few days due to the impossibility of using its cash registers or charging customers. Based on Sophos threat intelligence, REvil has been active in recent weeks and is currently the dominant ransomware gang involved in Sophos' defensively managed threat response cases. Prior to this latest attack, they were also responsible for the one suffered by meat company JBS, which forced the cancellation of all work shifts at the company's slaughterhouses in the US. JBS paid up to 11 million to restore normal operations. These macro cyber-attacks are in addition to other recent and highly significant ones, such as the one perpetrated by the hacker group DarkSide, which forced the preventive shutdown of the largest oil pipeline network in the United States, Colonial Pipeline, endangering the supply of fuel in a large part of the country, or the one suffered by the SEPE and the Ministry of Labor in Spain a few weeks ago.
[ ... ]