Roku Uncovers Large Cyber Attack Impacting Over 500,000 Accounts

Roku Uncovers Large Cyber Attack Impacting Over 500,000 Accounts
We may receive commissions for purchases made through links on our website. We appreciate your support.

Streaming device maker Roku has revealed that a recent cyber attack was more extensive than initially reported. After disclosing a breach affecting 15,000 user accounts earlier this year, the company identified an additional 576,000 accounts that were compromised in a related incident.

While the attackers have not managed to steal any sensitive information like people’s credit card details, it's still worrying. Roku's boosting security, but it's a reminder to stay vigilant online and update security.

Here are more details about the attack and Roku’s response:

Unauthorized Purchases Made

Despite having over 80 million active accounts, Roku assured customers that the hackers did not gain access to full credit card numbers or other sensitive payment information. However, the company detected under 400 cases where the stolen account credentials were used to make unauthorized purchases of streaming subscriptions and Roku hardware.

While Roku's shares dipped around 2% following the news, the company has pledged to refund or reverse any charges resulting from the unauthorized access. The attack is believed to have leveraged "credential stuffing," a technique where hackers attempt to log into accounts using username and password combinations leaked from other data breaches.

To improve account security, Roku has enabled two-factor authentication for all user accounts, requiring an additional verification step beyond just a password. The company urged users to create unique, complex passwords for each online account to prevent such attacks in the future.

A Reminder of Online Security Importance

The incident serves as a reminder of the importance of online security and the risks associated with reusing login credentials across multiple platforms. As streaming services continue to gain popularity, companies must remain vigilant in protecting user data and accounts from unauthorized access.

As a user, we recommend that you avoid using the same password across multiple accounts. Always enable two-factor authentication (2FA) whenever possible.