Roku Cyberattack Impacts Over 500,000 Accounts
Streaming service provider Roku has disclosed a new data breach incident, impacting nearly 576,000 accounts.
The company said this is the second incident it discovered this month. This discovery was made while investigating the March 2024 breach, where unauthorized actors used stolen login credentials to access 15,000 user accounts.
In both cases, the threat actors had utilized a form of automated cyberattack known as “credential stuffing.”. In this method, hackers use stolen login information from one platform and reuse the same login to gain unauthorized access across multiple sites and accounts.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” Roku said in a statement on April 12. The company attributed the attack to login credentials obtained from online accounts unrelated to it.
With an active user base of more than 80 million, Roku said that its security system was not impacted, though some user accounts were breached to make unauthorized purchases.
It said that it identified fewer than 400 cases where stolen information was used to make fraudulent purchases of Roku streaming services and hardware products using the payment data stored in the accounts.
However, it said that the threat actors did not gain access to any sensitive information, including credit card and other payment-related information.
The company, on its part, is implementing several measures to control and deter similar future incidents, including resetting the passwords of the affected accounts and enabling two-factor authentication (2FA) for all Roku accounts.
The company will also notify the impacted customers and refund and reverse charges for accounts where hackers had used stored payment information to make unauthorized purchases.
Advisories went out requesting password resets for all Roku accounts with strong, unique passwords. Roku says to contact the company’s customer support if requests to disclose credentials, update payment details, or click on suspicious links are received.
Leave a Comment
Cancel