Jump to content
  • Roku discovers second data breach affecting over half a million accounts


    Karlston

    • 492 views
    • 2 minutes
     Share


    • 492 views
    • 2 minutes

    Roku announced a new data breach affecting hundreds of thousands of accounts on its streaming platform. The company recently announced that it had found evidence of unauthorized access to 576,000 Roku user accounts. This is in addition to the 15,000 accounts compromised in an earlier incident last month.

     

    According to Roku, the attacks used a technique known as "credential stuffing," in which hackers use credentials obtained from other breaches to systematically try to access accounts on different services. The compromised credentials likely came from previous data breaches at unrelated sites where people reused passwords. In its advisory published today, Roku writes:

     

    After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.

    While Roku's systems were not directly hacked in this incident, malicious actors were able to exploit weak or stolen credentials to take over accounts via credential stuffing. In less than 400 cases, attackers made fraudulent purchases of streaming subscriptions and Roku hardware using payment methods stored in the compromised profiles.

     

    As a precaution, Roku has reset passwords for all affected accounts. The company is also refunding customers who incurred unauthorized charges.

     

    First, we have reset the passwords for all affected accounts and are notifying those customers directly about this incident. We also are refunding or reversing charges for the small number of accounts where we’ve determined that unauthorized actors made purchases of streaming service subscriptions or Roku hardware products using a payment method stored in these accounts. We also want to reassure customers that these malicious actors were not able to access sensitive user information or full credit card information.

    Roku has also enabled two-factor authentication (2FA) by default for all accounts, whether affected by the recent incidents or not. When users next attempt to log in to their Roku account, a verification link will be sent to the registered email addresses.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...