Roku Data Breach Exposes Over 576,000 User Accounts

Roku, a popular streaming device company, has disclosed another security breach that has affected over 576,000 user accounts. This marks the second data breach for Roku in 2024, following a previous incident in March that compromised the information of 15,000 users.

The company has attributed the breach to credential stuffing, a technique in which attackers take login credentials stolen from other compromised platforms and try them against a different service to gain unauthorized access to user accounts. In this case, attackers used stolen credentials to access Roku accounts and make unauthorized purchases of streaming subscriptions and Roku devices.

Roku has confirmed that while hackers used portions of 400 credit card numbers for unauthorized transactions, sensitive information such as full credit card numbers and user addresses remained secure.

To address the breach, Roku has reset the passwords of affected accounts and is reimbursing users for unauthorized purchases made using their stolen credentials. Additionally, the company has enabled two-factor authentication for all 80 million active Roku accounts, a measure intended to enhance account security.

The incident highlights the importance of using strong, unique passwords for all online accounts and enabling two-factor authentication whenever available. Users are also advised to remain vigilant and report any suspicious activity to Roku or their respective financial institutions.

