Roku warns of unauthorized access to hundreds of its customers' accounts
19/03/2024A Roku investigation, the company that manufactures media streaming devices running Roku software to access all kinds of streaming content, has revealed unauthorized access to hundreds of its users' accounts, "likely due to compromised login credentials obtained from third-party sources unrelated to Roku," they said. According to the company itself, these credentials were used to access Roku accounts, where changes were made, including attempts to purchase streaming subscriptions. However, in an official statement, Roku said that any sensitive personal data such as full payment account numbers could not be accessed. The affected accounts were secured and required password resets, as well as the cancellation of unauthorized subscriptions. Roku has announced that it will refund its users for all unauthorized charges. "What can I do if I can't access Roku? Roku has reset all passwords for accounts affected by these unauthorized accesses, so if we are holders of one of them, we may not be able to access it in the usual way. To regain access, we should go to my.roku.com and use the "Forgot your password?" option. Additionally, the company recommends reviewing subscriptions and devices linked to the Roku account from the Roku account Dashboard."
[ ... ]
Meta warns about the vulnerability in password recovery linked to the recycling of phone numbers
22/02/2024Meta, a leader in social media, has announced that it will not assume responsibility for personal account theft on Instagram and Facebook related to password recovery through the use of recycled phone numbers. The company argues that it lacks control over telecommunications providers and users involved in this practice. Phone number recycling: an overlooked risk in a recent statement Meta revealed its inability to manage personal account thefts that occur when phone numbers are recycled by telecommunications carriers. This common practice among mobile phone companies involves reassigning discarded numbers to new customers, making them owners of a number previously used by another user. In countries like Spain, carriers wait for a period of 30 days before reassigning a number, but the risk persists if users do not unlink the number from digital services or associated platforms, such as social networks and emails. The danger of not unlinking phone numbers from digital accounts When users deactivate a phone number, whether due to a change of carrier or any other reason, carriers must wait before reassigning the number. However, failure to unlink this number from digital services can result in unauthorized access to personal accounts. In many services, linking the phone number is allowed for actions such as resetting passwords. Users, upon receiving a verification code on their number, can complete the login without the need for email validation or a password. This process, though accepted, can lead to unintentional unauthorized access. Meta warns users about the importance of unlinking phone numbers from digital accounts when deactivating them, insisting on the need to update associated information to prevent account theft.
[ ... ]
Detected a Trojan that emulates the WhatsApp account and fraudulently manages subscriptions to payment sites
17/10/2022Kaspersky researchers has reported that YoWhatsApp advertised on Snaptube and Vidmate, two of the most popular download platforms at the moment, is actually a Trojan capable to issuing paid subscriptions and stealing WhatsApp accounts. YoWhatsApp would act as a mod of the original messaging program, offering new functions that the official service does not allow, such as wallpapers, personalized fonts for chats and password-protected access to conversations, .... As Kaspersky researchers have explained, when a user installs YoWhatsApp on a device, it’s forced to log in to they real application account, and in this moment, Triada Trojan is activated, downloaded and executed on the terminal. Once this is done, the Trojan is capable of accessing the user's real WhatsApp account credentials, steal all the data, having already detected unauthorized subscriptions to paid subscriptions. Kaspersky recommends to install, only, Apps from official stores and reliable sources and they have insisted on the need to check always the permissions granted to each application. Installing an antivirus is another recommended measure.
[ ... ]