Streaming Giant Roku Confirms Second Security Incident
Streaming giant Roku has confirmed a second security incident in as many months. Hackers were able to compromise more than half a million Roku user accounts, the company announced on Friday.
In a statement, Roku revealed that about 576,000 user accounts were accessed using a technique known as credential stuffing. In this method, malicious hackers take usernames and passwords stolen in other data breaches and reuse them on other sites.
“In fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts,” Roku stated.
The company also said that it has refunded customers affected by the account intrusions. Out of its 80 million customers, only a small fraction were impacted by the incident.
Roku clarified that the malicious hackers were not able to access sensitive user information or full credit card information. This means that users’ personal data and financial information were not compromised in the attack.
The company said it discovered the second incident while it was notifying some 15,000 Roku users that their accounts were compromised in an earlier credential stuffing attack. As a result of these security incidents, Roku has implemented two-factor authentication to ensure the safety and security of its users.
Two-factor authentication prevents credential stuffing attacks by adding a layer of security to online accounts. It prompts users to enter a time-sensitive code along with their username and password, making it difficult for malicious hackers to gain access to an account even with a stolen password.
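How a time-sensitive code stops a login that presents only a reused password, as an added example that is not from the original article or from Roku. It assumes RFC 6238 TOTP codes (the article does not say how Roku's codes are generated); the account record, password and `login` function are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is valid for (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, now: float, offset: int = 0) -> str:
    """RFC 6238 code for the window containing `now`, shifted by `offset` windows."""
    counter = int(now // STEP) + offset
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account: dict, password: str, code: str, now: float) -> str:
    """Return 'ok', 'bad_password' or 'bad_code'."""
    supplied = hash_password(password, account["salt"])
    if not hmac.compare_digest(supplied, account["pw_hash"]):
        return "bad_password"
    # Accept the current window and one on each side to tolerate clock drift.
    for offset in (-1, 0, 1):
        expected = totp(account["totp_secret"], now, offset).encode()
        if hmac.compare_digest(code.encode(), expected):
            return "ok"
    return "bad_code"

# Constructed sample account; the TOTP secret is the RFC 6238 test key.
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password("reused-password", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    now = 59
    code = totp(ACCOUNT["totp_secret"], now)
    print(login(ACCOUNT, "reused-password", "", now))         # password from another breach, no code
    print(login(ACCOUNT, "reused-password", code, now))       # account owner with current code
    print(login(ACCOUNT, "reused-password", code, now + 90))  # same code replayed after it expired
```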