Roku Identifies Cyber Security Attack Impacting 576,000 Accounts

Streaming service provider Roku said it has identified a cyber security attack that impacted about 576,000 accounts.
Roku cyber security issue
The cyber security incident is the second for Roku. Earlier this year, Roku had disclosed unauthorized access of 15,000 user accounts.

Roku does not reveal the name of its technology partner responsible for blocking cyber security incidents. The latest incident shows that Roku is unable to ensure privacy to its 80 million plus customers.

Roku is the leading TV streaming platform in the U.S. and Mexico in terms of hours streamed, according to Hypothesis Group, Dec 2023. Roku is also the #1 selling TV operating system in the U.S., Canada, and Mexico in Q4, according to Circana, Retail Tracking Service, Unit Sales, Oct-Dec 2023 combined.

The initial breach was identified when Roku’s security monitoring systems detected unusual account activity. Investigation revealed that unauthorized actors had accessed around 15,000 Roku user accounts using stolen login credentials obtained through a method known as “credential stuffing.” This technique involves using stolen usernames and passwords from one platform to gain access to accounts on another. Roku clarified that the compromised credentials were not sourced from their systems but from elsewhere.

Following this discovery, Roku notified affected users of the streaming platform and assured them that no data security breach occurred within their systems. However, they continued to monitor account activity closely. Subsequently, a second incident affecting approximately 576,000 additional accounts was identified.

Roku emphasized that there is no indication their systems were compromised in either incident. The company suggested that login credentials used in the attacks were likely obtained from another source, such as another online account, where users may have reused the same credentials.

Although the cyber attackers managed to log into less than 400 accounts and made unauthorized purchases, Roku assured customers that sensitive information such as full credit card numbers was not accessed.

In response to these incidents, Roku has taken several measures to enhance security. This includes resetting passwords for affected accounts, implementing two-factor authentication for all accounts, and refunding or reversing unauthorized charges. The company also encouraged users to create strong, unique passwords and remain vigilant against suspicious communications.

Roku has expressed regret over the incidents and reaffirmed their commitment to protecting user accounts. They advised users to stay informed and take proactive steps to safeguard their accounts.

InfotechLead.com News Desk

Related News

Latest News

Latest News