Roku Discloses Cyberattack, 576,000 Accounts Compromised

Roku, the popular streaming service has revealed that approximately 576,000 user accounts were compromised in a cyberattack, marking the second security breach for the platform this year.

According to a blog post by Roku, hackers gained unauthorized access to these accounts using stolen login credentials. The breach was detected during routine account monitoring following a previous cyberattack that impacted 15,000 accounts earlier this year.

The method employed by the hackers, known as credential stuffing, involved utilizing login and password combinations obtained from previous data breaches on other platforms. This underscores the importance of using unique passwords for each online account to mitigate such risks.

Roku clarified that there is no evidence suggesting that the compromised account credentials originated from a breach within Roku’s own systems. Moreover, fewer than 400 cases involved unauthorized purchases on streaming services and Roku products, with no access to sensitive financial information. Roku is in the process of reversing charges and providing refunds to affected users.

To enhance security measures, Roku announced the implementation of two-factor authentication across all accounts. This additional layer of security requires users to confirm login attempts via a secondary device.

In response to the breach, Roku emphasized its commitment to user account security and expressed regret for any inconvenience caused. The company has automatically reset user passwords and will contact affected users directly.

As a precautionary measure, Roku advises users to create unique, complex passwords, remain vigilant against phishing attempts, and review account activity regularly. Additionally, users are encouraged to reach out to customer support if they encounter any suspicious activity on their accounts.

Following the disclosure of the cyberattack, Roku’s stock experienced a decline of nearly 3%.