Roku, the popular streaming service provider, stated on Friday that it had experienced its second cyberattack this year.
In early 2024, the first cyberattack breached the accounts of over 15,000 users in what is best described as credential stuffing. This is a malicious technique in which attackers log in with credentials leaked in a previous data breach, trying the same credentials on different platforms.
“There is no indication that Roku was the source of the account credentials used in the attacks or that Roku’s systems were compromised in either incident,” says Roku. In other words, these account credentials were stolen in a separate data breach that did not involve Roku.
As music to the ears of Roku users, the company also explained that the fraudsters did not gain access to sensitive information such as payment details and credit card numbers. Even with 80 million active accounts, the cyberattack sent Roku’s shares down by about 2% more than usual.
Furthermore, Roku clarified that in fewer than 400 cases the information was used for unauthorized purchases. These involved streaming service subscriptions and hardware products bought using the existing payment accounts. Roku also confirmed that these charges will be reversed and refunded for all accounts affected by unauthorized purchases.
Roku apologized for the matter, saying, “We sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account.”
And to save your skin, Roku has automatically reset the passwords of the hacked accounts. Besides that, it has introduced two-factor authentication, under which your account undergoes a verification step prior to any login attempt on a secondary device.