Roku, a smart TV platform and streaming device in the United States, has reported a data breach impacting 576,000 accounts. This is the second reported incident following a similar issue in March, which impacted 15,000 accounts initially. Upon further investigation, the impact was found to be greater than initially reported.
Roku discovered that attackers used a method known as credential stuffing, where leaked login credentials from other sources were tested on Roku accounts. It is important to note that these data did not originate from Roku. The breach resulted in 400 accounts being able to make purchases on the platform but not access sensitive personal information or credit card numbers.
Roku has stated that the affected accounts represent a small portion of the over 80 million accounts on the platform. As a response, they have taken immediate action by resetting passwords for the impacted accounts and notifying users. For those accounts with unauthorized content purchases, refunds have been issued. Additionally, Roku has implemented a two-factor authentication (2FA) login process, which all users must set up for future logins.
TLDR: Roku experienced a data breach affecting 576,000 accounts, with attackers using credential stuffing to gain access. Despite the breach, only a small fraction of the total accounts were impacted, and Roku has taken steps to secure affected accounts and enhance security measures.
Leave a Comment