It’s rare to see a data breach study observers call a “mixed bag.” Normally, reports on data breaches are grim, touting how each year was a record high for the number of data breach incidents and victims, so when one of those figures goes down, it’s as close to good news as you might get.

The Identity Theft Resource Center’s 2023 Data Breach Report is one such example. The ITRC found the number of data breaches increased 72% in 2023 compared to the previous record set in 2021. However, the amount of data breach victims fell 16% compared to 2022. 

Despite a skyrocketing number of incidents, the fact that the total data breach figures have gone down might be seen as good news, although some observers believe that what is actually happening is that cybercriminals are just getting more sophisticated. 

In this installment of the BlackCloak Thursday Threat Update, we’ll cover another data breach experienced by Roku, and Apple’s response to a targeted spyware campaign.


Roku’s Second Breach Affects 576K

What we know: Roku announced it experienced a data breach affecting around 576,000 users. Roku discovered this breach while it was investigating the incident it experienced earlier this year that only impacted 15,000 customers. Unauthorized individuals were able to breach Roku’s systems through a credential stuffing attack, and in some cases were able to make fraudulent transactions from those accounts.

Recommendations:  In its notice on the breach, Roku said it has reset all the passwords for affected individuals, and will enable multifactor authentication for all accounts, even for those who were not impacted by the incident. Roku laid out the steps for using MFA, and recommends all users keep an eye out for suspicious messages, and to log into their Roku accounts to see whether any charges have been made.


Apple Issues Notifications on Mercenary Spyware Attacks

What we know: A string of mercenary spyware attacks have targeted various Apple device users. The attacks do not appear to be financially motivated, but rather politically motivated. Those targeted by the spyware include journalists, activists, politicians and diplomats. The attack has been reported in at least 92 different nations around the world.

Recommendations: Apple has notified anyone affected by the spyware attacks. Apple has sent out notifications via an email and iMessage notification to the email and phone numbers associated with the user’s Apple ID, and by a Threat Notification at the top of the page after a user signs into their Apple ID on Apple’s website. Anyone who receives one of these notifications should follow the instructions Apple has listed. Additionally, all Apple device users should ensure their software is up-to-date, to enable MFA where they can and to avoid clicking on links and attachments from unknown senders.


Keep your accounts safe

Cybercriminals will try many different ways to compromise your accounts and steal your data. While some data breaches may be out of your control, there are steps you can take to protect your accounts right from your device.


Learn why you should enable multi-factor authentication on your accounts, and how you can mitigate account takeovers to protect yourself against identity theft.


Get a demo