Roku users on red alert — over 500,000 accounts hacked in second cyberattack on TV streamer in just 30 days

Roku has warned users about a second cyberattack that left 576,000 accounts in the hands of criminals. The devastating data breach was uncovered while Roku was investigating an earlier attack.

That earlier attack was confirmed just 30 days ago and saw roughly 15,000 user accounts accessed by hackers, with some 400 cases where saved payment details were used to buy streaming service subscriptions and hardware products. Roku said it would refund or reverse charges for accounts where it has determined unauthorised purchases were made as part of the pair of cyberattacks.

Roku has over 80 million active accounts on its streaming platform globally. It has reassured the vast majority of the 576,000 users caught up in the latest hack that criminals had not managed to access sensitive information, like full credit card numbers or other payment details.

The streaming firm has enabled two-factor authentication for all the accounts to beef up security controls. That means even if hackers have access to your username and password, two-factor authentication will stop them from logging in to your account by requiring an additional verification step, usually a unique code sent via SMS or email.

Between the two attacks, a total of 591,363 Roku accounts have been compromised by credential stuffing.

Credential stuffing is an attack in which cybercriminals collect credentials exposed in recent data breaches and then use these leaked email address and password combinations to attempt to log in to other websites and online services. In this case, hackers attempted to access Roku.com.

Credential stuffing is the reason that security experts warn you to never use the same password for multiple accounts. If one of these services suffers a breach, hackers could access dozens of others.

Once hackers have gained access to your account, they’re able to change critical information — like passwords, email addresses, and shipping addresses. This can be used to lock out account owners.

The streaming brand is encouraging all Roku account owners to:

  • Review the subscriptions and the devices linked to your Roku account. You can access that information from your Roku account dashboard
  • Always use a strong, unique password for each of your online accounts
  • Remain vigilant against incidents of identity theft and fraud by monitoring your account activity, account statements, credit reports, and other online account information for suspicious activity, and report any suspicious activity promptly to your account provider or other applicable institutions