Roku says that it has uncovered a new data breach impacting 576,000 accounts

A hack compromised around 576,000 Roku accounts, the firm announced on Friday, marking the streaming service’s second security breach this year.

According to a blog post by Roku, hackers obtained access to customer accounts using stolen login credentials. The security flaw was detected while Roku was monitoring user behavior following a cyberattack on 15,000 accounts earlier this year.

The attackers employed a technique known as “credential stuffing” to gain access to several accounts using login information obtained during a previous data breach. Users frequently reuse the same password across multiple online platforms, which hackers then exploit.

What is Roku claiming?

Roku claims it has reset the passwords for the impacted accounts. It will reimburse or reverse any charges incurred by hackers for the limited number of users who used their payment methods.

Roku Data Breach
Source: The Hollywood Reporter

The company also introduced two-factor authentication for all 80 million active Roku accounts, even those whose information was not compromised in the attack. It will offer users a verification link to enable two-factor authentication. According to the corporation, adding additional login stages will assist its security staff in “detecting and deterring future credential stuffing incidents.”

As always, even if the hack did not affect your account, it never hurts to check Have I Been Pwned? and to implement additional login security measures.

The company’s shares have dropped roughly 3% since the security issue was disclosed.
