Roku, a streaming service provider, recently fell victim to a major cyberattack impacting over half a million user accounts. This incident marked the company’s second cybersecurity breach of 2024.
In April 2024, Roku identified a significant cyberattack that affected approximately 576,000 user accounts. This discovery was made during the company’s investigation into a previous security breach that impacted 15,000 accounts earlier in the year.
The compromised accounts represent a substantial portion of Roku’s total user base. With over 80 million active accounts, the latest attack affected nearly 0.72% of Roku’s users.
Despite the large number of affected accounts, Roku assured users that the hackers did not gain access to any sensitive information, such as full credit card numbers or other payment details.
Even so, Roku identified fewer than 400 instances in which the compromised information was used for unauthorized purchases of streaming service subscriptions and hardware products. These unauthorized transactions were made using the payment methods stored in the affected accounts.
In response to the unauthorized purchases, Roku committed to refund or reverse charges for all identified cases. This gesture is part of Roku’s effort to manage the fallout of the attack and maintain customer trust.
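The company attributed the unauthorized access to a technique known as “credential stuffing.” In this kind of attack, username and password pairs exposed on one platform are tried against another, and they succeed wherever a user has reused the same credentials across different platforms.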
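For defenders, credential stuffing tends to show up in authentication logs as one source trying many different usernames with a high failure rate, unlike a user who mistypes their own password. The following is an added example, not code from Roku or from the original article; the log format, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sample log lines: '<ISO time> <source IP> <username> <OK|FAIL>'."""
    # One source cycling through 12 different accounts; a single reused password works.
    lines = [f"2024-04-01T10:00:{i:02d} 203.0.113.7 user{i}@example.com "
             f"{'OK' if i == 7 else 'FAIL'}" for i in range(12)]
    # A legitimate user mistyping their own password three times, then succeeding.
    lines += [f"2024-04-01T10:01:{i:02d} 198.51.100.20 carol@example.com "
              f"{'OK' if i == 3 else 'FAIL'}" for i in range(4)]
    return lines

def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=10, min_fail_ratio=0.8):
    """Flag sources that try many distinct usernames, mostly failing, in one window.

    Thresholds are illustrative assumptions and need tuning per environment
    (shared NAT addresses and corporate proxies raise the baseline).
    """
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, outcome = line.split()
        by_ip[ip].append((datetime.fromisoformat(ts), user, outcome == "OK"))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {u for _, u, _ in win}
            fail_ratio = sum(1 for _, _, ok in win if not ok) / len(win)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                findings[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(win),
                    # Successful logins from a flagged source: force a password
                    # reset and revoke sessions for these accounts.
                    "accounts_to_reset": sorted(u for _, u, ok in win if ok),
                }
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample()).items():
        print(ip, info)
```

Per-source counting misses attacks spread across many addresses, so a production detector would also track the overall failed-login rate and the number of distinct usernames seen across all sources.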
In light of the breach, Roku has implemented two-factor authentication for all accounts to augment security controls and reduce the risk of similar breaches in the future.
Following the announcement of the breach, Roku’s shares took a hit, falling by more than 2%.
While full credit card numbers and payment details were not accessed during the attack, users are advised to change their account passwords and monitor their accounts for any suspicious activity.
Roku’s experience underscores the importance of robust cybersecurity measures for companies operating in the digital space. Organizations must prioritize security to protect user data and maintain customer trust.