Incident

Roku reports second data breach, this time exposing over 500k users

Take action: Another serious reminder to use MFA on all systems



Roku has reported that about 576,000 of its accounts have been compromised in a recent cyberattack, marking a significant security breach for the streaming service. This follows a previous incident earlier this year affecting 15,000 accounts.

The latest breach involves a credential stuffing attack, in which hackers use previously leaked usernames and passwords to access accounts on other platforms.

The breach was discovered while Roku was monitoring account activity to mitigate any further damage from the first incident. Roku claims that the hackers did not gain access to sensitive financial information, such as full credit card numbers, but it doesn't provide other details of what was accessed. Apparently, in fewer than 400 cases, the unauthorized access led to fraudulent purchases of streaming services and Roku products, which the company has committed to refunding.

Roku has reset the passwords for all affected accounts and is enforcing two-factor authentication across all user accounts. Roku advises all users to update their accounts with strong, unique passwords and remain vigilant for any suspicious activity. Users are also encouraged to regularly check their account statements and settings to ensure no unauthorized changes have been made.
