576,000 Roku accounts hacked in second security incident in 2 months

The company said that this incident affected "a small fraction of Roku’s more than 80M active accounts."

Hannah Nightingale Washington DC

More than half a million Roku accounts were recently hacked in the second security incident in two months, the company announced on Friday.

The streaming device giant said in a statement that 576,000 accounts were part of the second incident.

The company said "Roku’s security monitoring systems detected an increase in unusual account activity" earlier this year, and after an investigation, "we determined that unauthorized actors had accessed about 15,000 Roku user accounts using login credentials (i.e. usernames and passwords) stolen from another source unrelated to Roku through a method known as 'credential stuffing.'"  

The company explained that "credential stuffing" is when hackers take usernames and passwords stolen from one platform and attempt to log in elsewhere with them.

After the conclusion of the first investigation, the company notified customers in early March and continued monitoring account activity, through which a second incident was discovered.

"There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials," the company wrote.

"In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information."

The company has reset the passwords for all affected accounts and has refunded or reversed charges for those accounts on which unauthorized payments were made. Two-factor authentication has also been enabled for all Roku accounts.

"We also want to reassure customers that these malicious actors were not able to access sensitive user information or full credit card information."

The company said that this incident affected "a small fraction of Roku’s more than 80M active accounts."
