Roku says 576,000 accounts were hacked in latest breach

Wendy Lee April 12, 2024

Roku on Friday disclosed that 576,000

of its users had their

accounts

were

accessed by malicious actors.

In fewerless than 400 of the cases, Roku said the malicious actors made unauthorized purchases of streaming subscriptions and Roku hardware products, but did not gain access to full credit card information.

The San Jos technology company said that it discovered the problem after monitoring unusual account activity on its platform earlier this year that affected roughly 15,000 user accounts.

The 576,000 figure is in addition to the 15,000 accounts affected earlier this year.

Through its investigation, Roku said that the malicious actors stole the login credentials through a different source and applied a practice called “credential stuffing,” applying stolen usernames and passwords across multiple platforms to take advantage of people who use the same credentials across multiple services.

In fewer less than 400 of the cases, Roku said the malicious actors made unauthorized purchases of streaming subscriptions and Roku hardware products, but did not gain access to full credit card information.

“We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks,” Roku said in a statement.

The company said it is enabling two-factor authentification for all of its 80 million account holders.

Roku

reset

the

passwords for the affected accounts and reversed or refunded the unauthorized charges made by the malicious actors,

the firm said

.

“We also want to reassure customers that these malicious actors were not able to access sensitive user information or full credit card information,” Roku said.