CNN
—
About 576,000 Roku accounts had been compromised in a cyberattack, the corporate stated on Friday, the second safety breach for the streaming service this yr.
Hackers gained entry to consumer accounts by means of stolen login credentials, Roku said in a blog post. The safety breach was found whereas Roku monitored account exercise after a cyberattack affected 15,000 accounts earlier this yr.
In every occasion, fraudsters used a cyberattack methodology often known as credential stuffing: Hackers strive login and password info leaked in a single information breach on quite a lot of customers’ accounts, exploiting individuals who use the identical credentials throughout completely different accounts. (Consultants advocate individuals use completely different passwords for every of their on-line accounts.)
Credentials used to entry Roku accounts had been seemingly from a knowledge breach on a special website, the corporate stated in a press release.
“There isn’t any indication that Roku was the supply of the account credentials utilized in these assaults or that Roku’s programs had been compromised in both incident,” the corporate stated.
In fewer than 400 instances, hackers used Roku accounts to make purchases on streaming providers and Roku merchandise however didn’t achieve entry to delicate monetary info. Roku is reversing fees and refunding all affected accounts, the corporate stated in a press release.
“These malicious actors weren’t capable of entry delicate consumer info or full bank card info,” the corporate stated.
Consumer passwords have been routinely reset, and customers affected by the safety breach might be contacted by Roku, the corporate stated in a press release.
Roku, a streaming big, hosts greater than 80 million customers. The corporate introduced it’s implementing two-factor authentication throughout all Roku accounts. The 2-step safety affirmation prompts customers on a second system every time there’s an tried log in.
“We sincerely remorse that these incidents occurred and any disruption they might have brought on. Your account safety is a prime precedence, and we’re dedicated to defending your Roku account,” the corporate stated in a press release.
The corporate’s inventory is down almost 3% because the safety breach was introduced.
Customers trying to shield their on-line accounts ought to create distinctive passwords that comprise a mixture of letters, symbols and numbers not less than eight characters lengthy.
Concentrate on web scams, phishing emails and suspicious requests for login or monetary info.
Roku customers ought to contact buyer assist when unsure and periodically log in to accounts to overview purchases and subscriptions, the corporate stated in a press release.