It’s been months. While investigating a previous incident in which 15,000 accounts were affected, Roku learned that an additional 576,000 accounts were compromised.
In both incidents, Roku believes the attackers used a method called credential stuffing. “The login credentials used in these attacks were likely obtained from another source, such as another online account, and the affected users may have used the same credentials,” the company said.
Roku added that in fewer than 400 cases, attackers used victims’ Roku accounts to purchase streaming subscriptions and Roku devices using stored payment methods. However, the hackers did not obtain complete credit card numbers or other payment information.
The company has reset passwords on all affected accounts and notified affected users. It has also enabled two-factor authentication for its more than 80 million active accounts. Users will receive a verification email the next time they log in and must click the link in that email to access their account. Meanwhile, Roku said it would refund or reverse fees in cases where hackers purchased subscriptions or hardware.
While the impact of this latest incident may not seem too large, it’s a good reminder that you should have a strong and unique password for each account. A password manager makes it easier to have reliable login credentials because you only need to remember a master password or log in using biometrics.