Simply weeks after a safety hack uncovered greater than 15,000 Roku accounts, the corporate mentioned Friday {that a} second safety breach impacted greater than 576,000 accounts.
In a press release on its web site, the corporate mentioned it discovered no proof that it was the supply of the account credentials utilized in both of the assaults or that Roku’s programs have been compromised. As a substitute, the corporate mentioned, login credentials used within the hacks have been seemingly stolen from one other supply for which the affected customers could have used the identical username and password. The sort of cyberattack is called “credential stuffing.”
Roku mentioned in fewer than 400 circumstances, the “malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku {hardware} producing utilizing the cost retailer in these accounts, however they didn’t acquire entry to any delicate data, together with full bank card numbers or different full cost data.”
Jenny Kane / AP
The corporate mentioned it reset the passwords for all affected accounts and notified these prospects straight in regards to the incident. It’s refunding or reversing fees within the accounts that purchases made by unauthorized actors.
As well as, the corporate additionally enabled two-factor authentication for all Roku accounts, even those who haven’t been impacted by both safety incident They mentioned account holders must be conscious that the following time they log into the Roku account on-line, a verification hyperlink shall be despatched to the related e mail.
“Whereas the general variety of affected accounts represents a small fraction of Roku’s greater than 80 (million) lively accounts, we’re implementing a lot of controls and countermeasures to detect and deter future credential stuffing incidents,” the corporate mentioned.
Roku inspired customers to create a “robust, distinctive password” for his or her account and likewise suggested them to “stay vigilant,” being alert to any “suspicious communications showing to come back from Roku, equivalent to requests to replace your cost particulars, share your username or password, or click on on suspicious hyperlinks.”
“We sincerely remorse that these incidents occurred and any disruption they could have induced,” the corporate mentioned. “Your account safety is a high precedence, and we’re dedicated to defending your Roku account.”
That is the second Roku breach in latest months. In March, Roku mentioned hackers accessed greater than 15,000 consumer accounts.
