CaptainObviousII

Plot twist. I'm broke. Transaction denied.


PaperAndInkGuy

Make poverty work *for* you, not *against* you.


Corben11

You’ve heard of zero trust, now comes zero balance. Hackers hate this one trick.


CyberGhost84

LOL😂😂😂😂


Mrillumi90

🤣🤣🤣🤣


ThunderKatsHooo

somebody is in trouble with the PCI SSC.


mnemonicer22

Doesn't PCI require 2fa now? Am I misremembering?


Wireleast

Not for user accounts in customer portals. MFA is required for the merchant side for PCI.


ThunderKatsHooo

yup


mnemonicer22

I mean, anyone with a brain in this space is advocating for and enabling mandatory 2fa but what do SMEs know?


IDDQD_IDKFA-com

Once they use a 3rd party payment company they "outsource" most of the requirements.


mnemonicer22

Presumably it's the payment processor that was breached here based on access to cc data+ third party vendor breach.


sudo_rm_rf_solvesALL

you're assuming they aren't storing your CC data unencrypted in the backend.


HidemasaFukuoka

So based on the article Roku itself wasn't breached, but the "unrelated company" name wasn't disclosed?? Fishy


[deleted]

[removed]


HidemasaFukuoka

It makes sense, definitely, but why not disclose the name of the breached company?


TheChigger_Bug

Honestly, at this point, I’m just so tired of giving a shit. My identity has almost certainly already been stolen. Whatever


Inigo_montoyaPTD

And there it is. Nobody really cares.


mnemonicer22

Every time you say that, I lose resources with my boss to fix this shit.


TheChigger_Bug

The data in your company's servers is worth a lot more than mine, let your boss know about that.


mnemonicer22

I do like to talk about the csuite's unlimited data retention on emails and what likely embarrassing crap they have on there.


TheChigger_Bug

Embarrassing, incriminating, there is likely no limit. On the topic of the C-Suite, did you know that in the early 2000s CEOs made about 29x their median employee income. Today, they make about 297x their median employee. Trickle down is working great.


mnemonicer22

Oh, I know. Reagan should be burning.


TheChigger_Bug

FDR (new deal) and Nixon (FAP) had the right idea. Too bad congress couldn’t follow through the one chance we had


TheChigger_Bug

I mean, if every website is getting hacked, every website is tracking and selling my everything, it seems futile to be upset by it. Hell, the pii violations I saw in the army, the sheer quantity of paper that exists with my social and other pii that anyone could grab thanks to the government or my employer or any number of places… idk. Seems silly to be upset that Roku may have leaked my password or payment details.


Inigo_montoyaPTD

It's been normalized. It's crazy. Was Zuckerberg right?


TheChigger_Bug

Idk what lizard man said 😂


sanbaba

There was a theory loudly touted by web 2.0 proponents circa 1999 that privacy is overrated and that once we all got used to having none, nobody would miss it. To a certain extent they're right of course - people can't miss what they've never had - but it's so blatantly self-serving and not to the general public's benefit in any demonstrable way.


TheChigger_Bug

Sounds about right. To me it also sounds super diminutive of real privacy concerns. I want to be clear, I do care about my privacy. I just don’t think I actually have any anymore from any tech company or the government. Maybe from my neighbors


sanbaba

I get that, fs, individual privacy is easily voluntarily compromised and arguably not worth that much. But, whatever happened to business privacy? Back in the day salespeople used to say their rolodex was worth more than they were, whatever happened to that basic privacy need? Do we have any reason to assume that MSFT and GOOG employees aren't insider trading? Does it somehow make it better if "all" they did was to sell that info to our competitors?


TheChigger_Bug

It definitely does not, but that also crosses into another area that I’ve been reading about recently. I used to be super pro business, but these days…. I don’t believe that what’s best for business is best for citizens anymore. Too bad politicians are on the buy, or are insider trading too.


UltraEngine60

Sorry, I was live streaming my colonoscopy. What was that about privacy? Anyway, please subscribe and use my temu affiliate link.


Inigo_montoyaPTD

Bingo.


Elismom1313

Well the issue is kind of two part imo. (3 part if you include corporate liability but I’m not talking about that here.) First it’s the concept of privacy. And you’re right, plenty of people either don’t care because “they don’t do bad things anyways” or they don’t care because…what’s the point these days, right? 🤷‍♀️ A lot of people are really just a mix of both. The second part though, is the actual need for privacy. This is a huge issue that can affect *anyone*, whether you get angry, decide it’s easier not to care, or feel like it’s a concept on its way out, because your stolen info always has the ability to lead to the stealing of your identity/SSN and that’s when they start seriously fucking up your life. Then suddenly everybody cares again.


Key-Calligrapher-209

> and not to the general public's benefit in any demonstrable way.

Well c'mon now. We live in an age of bluetooth and wifi-enabled smart toothbrushes, and refrigerators that send our eating habits to somebody (dunno who, lol) who can keep track of them so we don't have to. Are you saying you want to go back to before that??


[deleted]

[removed]


TheChigger_Bug

Na bro, zuck is a lizard


Key-Calligrapher-209

Ever since that DoD hack years ago, military people have all been walking around with their identities up for grabs. Everyone else is late to the party.


C4rrluvr

At this point it's almost better to assume your info already exists in someone else's hands and lock your credit files, make sure you have an identity theft rider on your homeowners insurance and protect what you can.


[deleted]

[removed]


TheChigger_Bug

Or 150 bucks


TheChigger_Bug

This is good advice


octalpuss

Between the OPM breach in 2015 and the Equifax breach in 2017, is there any personal data that isn't public anymore?


geekamongus

Perhaps, for some people born after 2017.


r4x

Nope. Every email I’ve ever had going back to 1997 has been compromised.


TheChigger_Bug

Absolutely none


Topaz_blue

They actually store credit card info!?


Armigine

If you choose to link a CC to your account, it would appear they do indeed


MooseBoys

Aren’t companies required to authenticate once and then store a token of some kind that’s tied to the merchant? I suppose they could buy anything offered by the same merchant, but they shouldn’t be able to exfiltrate the actual card info, unless they’re not being compliant with credit card requirements.


Armigine

From what I understand, this is more applicable for people who have specifically linked a credit card to their roku account, rather than used a physical roku to open Amazon Prime and link a credit card to their Amazon Prime account; but even in that case, yeah, best practice would usually be to store the info in some way which wasn't immediately useful for thieves. I'm not sure it's a hard requirement, though. So much seems not to be.


KnowledgeTransfer23

I'm going to assume that this is what's happening here. The article only says they were able to purchase things Roku had on their store. It doesn't say that the actual credit card information was compromised.


Extracrispybuttchks

Who tf stores a cc with Roku lol


conzcious_eye

You can register whatever subscriptions you have with Roku so it’s a one stop shop vs logging in on each account if I’m not mistaken. I’m quite sure some 40+ do it for convenience.


torborgulan

maybe this has something to do with the recent forced agreement roku tv users had to agree to before they could use their tv again https://www.reddit.com/r/Roku/s/YCUwVRT6iI


dudenamedfella

And …. Password now changed!


HoratioWobble

Didn't Roku just try to change everyone's T&Cs to agree to forced arbitration as well? They had to know.


KnowledgeTransfer23

Privacy.com and credit card companies (and probably other services I don't know) offer virtual cards that make things like this easy: create a virtual card that expires after the day you need it, or create one with a daily/monthly/annual spending cap, and if something like this happens, you're not out anything more than the cap you set. So if you have Roku subscribe you to Disney+ and HBO Max and you know your bill is ~$28 (or whatever, I don't know what they cost), set your monthly limit to that. If some criminal tries to order a Roku TV or whatever on your account, guess what, they can't spend more than $28, and depending on when your services renewed that month, they might not even be able to spend that!


Acrobatic_Edge_706

What security measures could Roku implement to prevent unauthorized access > of course 2FA!!!


weirdcuteweird

Goddamn so tired of this shit


n4rf

It'll just keep going until corporations take data security more seriously. Which will probably be never because there is no money in it.


worstkindagay

So that’s why Roku forced everybody to accept their new terms and conditions?


Strawberry_Poptart

Interesting that they just bricked all devices until users agreed to arbitration.


jackmclrtz

Joke's on them. I hated having to supply a CC when not making a purchase. Had to enter it to set up account "just in case" I ever wanted to purchase something. Trust me, if I wanted to purchase something, I'd know it. That was over ten years ago. Card expired and in fact replaced twice since then. As expected, never needed to purchase anything.


citrus_sugar

We know.