Streaming giant Roku has disclosed a massive data breach that has compromised more than 576,000 user accounts, marking the second security incident for the company in just a month.
The Hollywood Reporter reports that Roku, a leading streaming video platform, has announced that it has uncovered a new data breach affecting a staggering 576,000 user accounts. The discovery of this security incident comes just a month after the company revealed that 15,000 accounts were compromised in a similar breach.
According to a statement released by Roku, the company identified the latest breach while investigating the previous security incident in early March. “After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information,” the statement read. “Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.”
The company clarified that the attack was not a result of a direct hack into Roku’s system but rather a technique known as “credential stuffing.” This method involves hackers obtaining login data from other sources and using it to gain unauthorized access to accounts. Roku stated that in fewer than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in the compromised accounts. However, the company assured users that no sensitive information, such as full credit card numbers or other complete payment information, was accessed.
In response to the breach, Roku has reset the passwords for all affected accounts and notified the account owners about the incident. The company boasts more than 80 million active accounts, making this breach a significant concern for its users. As a proactive measure to enhance security, Roku has announced that it will be enabling two-factor authentication for all accounts.
Breitbart Tech suggests all Roku customers take the following steps regardless of whether they are notified that their accounts may have been compromised:
- Immediately change the password on your Roku account, even if Roku changed it already. Make sure your password on this and other devices does not match your email password.
- Enable two-factor authentication using your smartphone or a third-party authenticator service.
- Consider removing credit cards stored with the service. It may make purchases slightly inconvenient, but it will prevent bad guys from ordering products using your account.
- Review other services you use and consider applying these steps to them as well.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.