Just a few weeks after a security hack exposed more than 15,000 Roku accountsthe company announced Friday that a second security breach had affected more than 576,000 accounts.
In a statement posted on its website, the company said it found no evidence that it was the source of the account credentials used in either attack or that Roku’s systems were compromise. Instead, the company said, the login credentials used in the hacks were likely stolen from another source where affected users may have used the same username and password. This type of cyberattack is known as “credential stuffing.”
Roku said that in fewer than 400 cases, “malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku-producing hardware using the payment store in these accounts, but they did not had access to any sensitive information, including full credit card numbers. or other complete payment information.”
Jenny Kane/AP
The company said it reset passwords for all affected accounts and notified those customers directly of the incident. This involves refunding or waiving charges on accounts for purchases made by unauthorized actors.
Additionally, the company has also enabled two-factor authentication for all Roku accounts, even those that were not affected by either security incident. They said that account holders should be aware that the next time they log into the Roku account online, a verification link will be displayed. be sent to the associated email.
“While the total number of affected accounts represents a small fraction of Roku’s more than 80 (million) active accounts, we are implementing a number of controls and countermeasures to detect and deter future data jam incidents. “credentials,” the company said.
Roku encouraged users to create a “strong, unique password” for their account and also advised them to “stay vigilant,” being alert for any “suspicious communications appearing to come from Roku, such as update requests of your payment information, sharing your username”. or your password, or click on suspicious links.”
“We sincerely regret that these incidents occurred and the disruption they may have caused,” the company said. “The security of your account is a top priority and we are committed to protecting your Roku account.”
This is Roku’s second breach in recent months. In March, Roku said hackers accessed more than 15,000 user accounts.
Grub5
