May 17, 2024

Roku customers have been affected by a second data breach. The streaming brand disclosed a breach affecting 576,000 user accounts, which follows another recently unearthed incident involving 15,000 accounts.

In response to the new breach, Roku has enabled two-factor authentication for all Roku accounts, is notifying affected users, and has already reset their passwords.

In both breaches, the login credentials used in the attacks likely came from outside sources, such as another web account where a user employed the same credentials. There is no indication that Roku's own systems were compromised.

A small number of customers were affected by unauthorized transactions, however. In around 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information. The company is reversing or refunding the unauthorized charges.

Roku has more than 80 million active accounts and provides streaming media players, smart TVs, and a streaming platform that lets customers access apps such as Netflix and Disney Plus.

As part of the new two-factor authentication, users must click a verification link sent to their email the next time they try to log in to their Roku account. The company is urging users to use strong, unique passwords and to look out for suspicious communications that claim to be from Roku.

Key facts on the first breach

Earlier last month, Roku disclosed a security breach after uncovering suspicious activity suggesting that some accounts had been accessed by hackers. The company estimates 15,363 accounts were accessed by hackers, who attempted to purchase streaming subscriptions in a limited number of incidents.

Roku indicated it secured the accounts by asking affected customers to reset their passwords. Though the hack didn’t compromise sensitive information, like payment account numbers or Social Security numbers, hackers reportedly sold stolen account information through an online marketplace.
