INDIANA — Roku said on Friday that about 576,000 of its accounts were compromised in a cyberattack, the streaming service’s second security breach this year.
Roku said in a blog post that hackers gained access to user accounts through stolen login credentials.
The security breach was discovered while Roku was monitoring account activity after a cyberattack earlier this year that affected 15,000 accounts.
In each instance, fraudsters used a cyberattack method known as credential stuffing: hackers take login and password information leaked in one data breach and try it on various users’ accounts, exploiting people who use the same credentials across different accounts. (Experts recommend people use different passwords for each online account.)
The company said in a statement that the credentials used to access Roku accounts were likely stolen in a data breach at a different site.
The company said, “There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident.”
In fewer than 400 cases, hackers used Roku accounts to make purchases of streaming services and Roku products but did not gain access to sensitive financial information. Roku is reversing charges and refunding all affected accounts, the company said in a statement.
“These malicious actors were not able to access sensitive user information or full credit card information,” the company said.
The company said in a statement that user passwords have been automatically reset, and Roku will contact users affected by the security breach.
Roku, a streaming giant, hosts more than 80 million users. The company announced it is implementing two-factor authentication across all Roku accounts. The two-step security confirmation prompts users on a second device whenever an attempted login is detected.
“We sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,” the company said in a statement.
The company’s stock is down nearly 3% since the security breach was announced.
Tips for securing your account
Users looking to protect their online accounts should create unique passwords that are at least eight characters long and comprise a mix of letters, symbols, and numbers.
Information: CNN