Second Roku cyber incident affects almost 600,000 people
For the second time this year, streaming service Roku has suffered a security incident, with hackers gaining access to hundreds of thousands more customer accounts.
The company announced in a blog post on Friday (April 12) that during its investigation into the first breach, which affected 15,000 Roku user accounts, it identified a second security incident that affected 576,000 accounts.
As in the first incident, threat actors used credential stuffing to gain access to these accounts.
For those who don’t know, a credential stuffing attack occurs when hackers automate the entry of usernames and passwords on login pages in an effort to gain access. These credentials are often stolen in previous cyber attacks or purchased from other threat actors.
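Because the attack described above is automated, its footprint in authentication logs differs from a forgetful customer's: one source tries many distinct usernames, most attempts fail, and the occasional success is a hit against a reused password. The following added example (not code from the article or from Roku) shows a minimal detector over constructed login log lines; the log format `timestamp ip user OK|FAIL`, the threshold values and the sample addresses are all assumptions made for illustration.

```python
"""
Flag credential-stuffing patterns in login logs (added example, not Roku code).

Assumed log format (constructed for this example):  <timestamp> <source ip> <username> <OK|FAIL>
A source is flagged when it touches many distinct usernames and most attempts fail.
Usernames that did log in successfully from a flagged source are the accounts a
defender would force-reset and review for changed e-mail or shipping details.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log: 203.0.113.7 sprays ten different accounts (two succeed),
# 198.51.100.4 is one user mistyping a password, 192.0.2.9 is a shared household.
SAMPLE_LOG = """\
2024-04-10T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-04-10T10:00:01Z 198.51.100.4 alice@example.com FAIL
2024-04-10T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-04-10T10:00:03Z 203.0.113.7 carol@example.com FAIL
2024-04-10T10:00:04Z 203.0.113.7 dave@example.com OK
2024-04-10T10:00:05Z 198.51.100.4 alice@example.com FAIL
2024-04-10T10:00:05Z 203.0.113.7 erin@example.com FAIL
2024-04-10T10:00:06Z 203.0.113.7 frank@example.com FAIL
this line is malformed and should be skipped
2024-04-10T10:00:07Z 203.0.113.7 grace@example.com FAIL
2024-04-10T10:00:08Z 192.0.2.9 bob@example.com OK
2024-04-10T10:00:08Z 203.0.113.7 hank@example.com OK
2024-04-10T10:00:09Z 198.51.100.4 alice@example.com OK
2024-04-10T10:00:09Z 203.0.113.7 ivan@example.com FAIL
2024-04-10T10:00:10Z 192.0.2.9 carol@example.com OK
2024-04-10T10:00:10Z 203.0.113.7 judy@example.com FAIL
"""


@dataclass
class SourceStats:
    """Per-source-IP counters accumulated while scanning the log."""
    attempts: int = 0
    failures: int = 0
    users: set[str] = field(default_factory=set)      # every username tried
    logged_in: set[str] = field(default_factory=set)  # usernames that succeeded


def parse_line(line: str) -> tuple[str, str, bool] | None:
    """Return (ip, user, succeeded) or None for lines that do not match the assumed format."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    _timestamp, ip, user, result = parts
    return ip, user, result == "OK"


def aggregate(log_text: str) -> dict[str, SourceStats]:
    """Group login attempts by source IP, skipping malformed lines."""
    stats: dict[str, SourceStats] = defaultdict(SourceStats)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, user, succeeded = parsed
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if succeeded:
            s.logged_in.add(user)
        else:
            s.failures += 1
    return dict(stats)


def flag_stuffing(stats: dict[str, SourceStats],
                  min_users: int = 5,
                  min_fail_ratio: float = 0.6) -> dict[str, dict]:
    """Flag sources that tried many distinct usernames with a high failure rate.

    A single user retrying one account never reaches min_users, so ordinary
    typos are not flagged; the thresholds are illustrative and would be tuned
    against real traffic.
    """
    flagged: dict[str, dict] = {}
    for ip, s in stats.items():
        ratio = s.failures / s.attempts
        if len(s.users) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {
                "attempts": s.attempts,
                "distinct_users": len(s.users),
                "fail_ratio": round(ratio, 2),
                # accounts that should be force-reset and reviewed for tampering
                "compromised_users": sorted(s.logged_in),
            }
    return flagged


def detect(log_text: str, **thresholds) -> dict[str, dict]:
    """Convenience wrapper: parse, aggregate and flag in one call."""
    return flag_stuffing(aggregate(log_text), **thresholds)


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

In this constructed run only 203.0.113.7 is flagged; its two successful logins (dave and hank) are the accounts a response team would reset and check for altered passwords, e-mail or shipping addresses and unexpected purchases, which is the same clean-up the article describes. A real deployment would also window the counts by time and key on more than the source IP, since stuffing tools rotate proxies.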
Roku reaffirms that, as in the first incident, it does not believe it was the source of these credentials, but rather that a data breach on a different site gave the hackers access to customer details, which they then attempted to use on Roku.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku systems were compromised in any of the incidents,” the company said.
Similar to the last breach, by gaining access to user accounts, threat actors were able to change account information such as passwords, email addresses, and shipping addresses.
This locks users out of their accounts, and in a small number of cases, threat actors made subscription purchases using stored credit card data.
“In fewer than 400 cases, malicious actors logged in and made unauthorized purchases of subscriptions to streaming services and Roku hardware products using the payment method stored in these accounts, but did not gain access to any sensitive information, including phone numbers, complete credit card or other complete payment information,” Roku said in its blog post.
In response to the incident, Roku said it had forced password resets for all affected accounts and was sending breach notifications to those affected. It is also “refunding or reversing” charges on accounts where purchases were made. Two-factor authentication has also been enabled on all Roku accounts.
Roku reiterates that the number of people affected is only a “small fraction” of its more than 80 million active accounts. Despite this, the fact that this is happening again in such a short period of time is very concerning and raises questions about whether Roku is responding to these incidents appropriately and thoroughly.
“In closing, we sincerely regret that these incidents occurred and any disruption they may have caused. The security of your account is a top priority and we are committed to protecting your Roku account,” it said.