Roku has revealed a new security breach affecting 576,000 accounts.
Roku has announced that 576,000 accounts have been compromised in a new wave of credential stuffing attacks. The credentials used were stolen from third-party platforms.
“Credential stuffing is a type of attack where hackers use automation and lists of compromised usernames and passwords to bypass authentication and authorization mechanisms, with the goal of taking over accounts or exfiltrating data.”
In other words, attackers compile lists of compromised usernames and passwords and try them against the target logins until they find a working combination. They then log in to those accounts and abuse their access rights, for example by siphoning off data.
Earlier this year, Roku detected unusual activity in accounts and found that unauthorized individuals had accessed approximately 15,000 user accounts using credentials obtained from another source through a "credential stuffing" attack.
As soon as the company completed its investigation into the first security incident, it notified the affected customers in early March. The company continued to monitor account activity and identified a second case affecting approximately 576,000 additional accounts.
“There is no evidence that Roku was the source of the credentials used in these attacks or that Roku's systems were compromised in any of the incidents.
“In fewer than 400 cases, attackers gained access to the system and made unauthorized purchases of subscriptions to streaming services and Roku products, using the saved payment method on these accounts, but they did not access any sensitive information, including full credit card numbers or other complete payment information.”
The company announced the implementation of measures to prevent future incidents, including resetting passwords for affected accounts. Roku also plans to refund unauthorized purchases and implement two-factor authentication (2FA) for all accounts. Roku aims to simplify this process and offers support for users in need of assistance.
The company has enabled two-factor authentication (2FA) by default for all customer accounts. The company recommends that customers use strong and unique passwords for their accounts and remain vigilant for any suspicious activity.