After a cyber attack that resulted in the exposure of over 15,000 Roku accounts in the previous month, Roku announced on Friday that it has uncovered a second security breach, impacting an additional 576,000 user accounts.
Roku has taken immediate action by resetting the passwords for all the impacted accounts. They are also directly notifying the affected customers about the most recent incident. In less than 400 instances, unauthorized purchases of streaming service subscriptions and/or Roku hardware products were made by “malicious actors” using the payment method stored in these compromised accounts. Ensuring customer satisfaction, Roku is actively refunding or reversing charges for the accounts that were compromised and misused for illicit purchases.
Roku has recently announced that it has implemented two-factor authentication (2FA) for all Roku accounts, including those that were not affected by the recent incidents. This means that when users try to log in to their Roku account online, they will receive a verification link via email. Users will need to click on the link in the email in order to access their account. This added security measure aims to further protect users and their accounts.
Roku has confirmed that the hackers were unable to access any sensitive personal information, such as full credit card numbers or payment details.
Roku has stated that it has not discovered any evidence indicating that it was responsible for the account credentials used in the two attacks or that its systems were compromised. The company believes that the login credentials used in the hacks were most likely obtained from another source, such as other online accounts, where the affected users may have used the same username and password. This type of cyberattack is known as “credential stuffing.”
Roku acknowledges that the number of affected accounts is a small fraction compared to its vast user base of over 80 million active accounts. However, the company is taking proactive measures to address and prevent future credential stuffing incidents.
Roku has urged its users to create a password that is both strong and unique for their accounts. They recommend using a combination of at least eight characters, including numbers, symbols, and a mix of lowercase and uppercase letters. In addition, the company advises its customers to stay vigilant and be cautious of any suspicious communications that may appear to come from Roku. This includes requests to update payment details, share usernames or passwords, or click on suspicious links. To further assist users in keeping their accounts secure, Roku has provided an article on its customer support site titled “How to keep your Roku account secure.”
“We deeply apologize for the occurrence of these incidents and any inconvenience they may have caused,” the company expressed. “Ensuring the security of your account is of utmost importance to us, and we remain dedicated to safeguarding your Roku account.”
Read More:
- Lawmakers seek amendments to the SAFE-T Act to prevent criminals from ‘slipping through the cracks’
- Georgia’s citizenship verification process challenge dismissed by federal judge