Roku Hit By Another Security Breach, This Time 576,000 Accounts Were Compromised
Roku says it's now going to try this 'two-factor authentication' thing all the kids are talking about
Roku said that after investigating a security breach that was reported in early March, it detected a second, larger intrusion that involved around 576,000 accounts.
The streaming company released a statement on the matter Friday.
Once again, the security breach involved "credential stuffing," whereby hackers who have already stolen user names and passwords knock on the door of Roku accounts, hoping users abide by the bad habit of using the same credentials for multiple services.
"There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident," Roku said in its Friday statement. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials. In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information."
In addition to resetting passwords for affected users, Roku said it will now adopt two-factor authentication.
NEXT TV NEWSLETTER
The smarter way to stay on top of the streaming and OTT industry. Sign up below.
Daniel Frankel is the managing editor of Next TV, an internet publishing vertical focused on the business of video streaming. A Los Angeles-based writer and editor who has covered the media and technology industries for more than two decades, Daniel has worked on staff for publications including E! Online, Electronic Media, Mediaweek, Variety, paidContent and GigaOm. You can start living a healthier life with greater wealth and prosperity by following Daniel on Twitter today!