About 576,000 Roku accounts were compromised in a cyberattack, according to the company's announcement on Friday. This marks the second security breach for the streaming service this year.
In a blog post, Roku explained that hackers were able to access user accounts by using stolen login credentials. The security breach was detected as Roku monitored account activity following a previous cyberattack that impacted 15,000 accounts earlier in the year.
In multiple cases, fraudsters used a cyberattack technique called credential stuffing. In this technique, attackers take login and password information leaked in one data breach and try it against accounts on other services. It works against individuals who use the same credentials across multiple accounts. (Experts advise using different passwords for each online account.)
Roku accounts were accessed using credentials likely obtained from a separate data breach, according to a statement from the company.
Roku stated that they have found no evidence suggesting that Roku was responsible for the account credentials used in the attacks, or that their systems were breached in any way.
In fewer than 400 instances, hackers were able to use Roku accounts to purchase streaming services and Roku products. Fortunately, they did not manage to access any sensitive financial information. Roku reassured customers in a statement that it is reversing charges and providing refunds to all affected accounts.
Roku stated that the malicious actors were unable to access any sensitive user information or full credit card details.
Furthermore, the company has automatically reset user passwords and will be reaching out to users impacted by the security breach.
Roku, a popular streaming platform with over 80 million users, is rolling out two-factor authentication for all accounts. This new security feature will require users to confirm their identity on a second device when logging in.
In a recent statement, Roku expressed regret for any inconvenience caused by security incidents and emphasized their dedication to protecting user accounts. They assured users that account security is a top priority and they are committed to safeguarding Roku accounts.
The company’s stock is down nearly 3% since the security breach was announced.
Tips for securing your account
To protect your online accounts, it's important to create strong passwords that are unique and contain a combination of letters, symbols, and numbers. Aim for at least eight characters in length.
Stay alert for internet scams, phishing emails, and any suspicious requests for your login or financial information. Be cautious and double-check before sharing sensitive data online.
Roku users should contact customer support when in doubt and periodically log in to accounts to review purchases and subscriptions, the company said in a statement.
Editor's P/S:
The recent cyberattack on Roku, compromising over half a million accounts, raises concerns about the security of streaming services and the vulnerabilities of personal data. The use of stolen login credentials highlights the importance of using strong and unique passwords for each online account. While Roku assures users that sensitive financial information remains protected, the incident emphasizes the need for enhanced security measures.
To mitigate risks, Roku is implementing two-factor authentication, which adds an extra layer of protection by requiring users to verify their identity on a second device. Additionally, users should be vigilant about suspicious emails, avoid sharing personal information online, and regularly review account activity to detect any unauthorized purchases or subscriptions. These measures can help minimize the impact of future cyberattacks and protect online accounts.