cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Second Roku cyber incident affects almost 600k

For the second time this year, streaming service Roku has suffered a security incident, with hackers having been observed gaining access to thousands more customer accounts.

user icon Daniel Croft
Mon, 15 Apr 2024
Second Roku cyber incident affects almost 600k
expand image

The company announced in a blog post on Friday (12 April) that during its investigation into the first breach, which affected 15,000 Roku user accounts, it identified a second security incident that affected 576,000 accounts.

Just like the first incident, the threat actors utilised credential stuffing to gain access to these accounts.

For those unaware, a credential stuffing attack is when hackers automate the entry of usernames and passwords into login pages in an effort to gain access. These credentials are often stolen in prior cyber attacks or purchased from other threat actors.


Roku reaffirms that just like the first incident, it does not believe that it was the source of these credentials but that a data breach on a different site granted the hackers access to customer details, which it then attempted to use on Roku.

“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” the company said.

Just as with the last breach, by gaining access to user accounts, threat actors were able to change account information such as passwords, email addresses, and shipping addresses.

This locks the users out of their accounts and, in a small number of cases, resulted in the threat actors making subscription purchases with the stored credit card details.

“In less than 400 cases, malicious actors logged in and made unauthorised purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information,” said Roku in its blog post.

Responding to the incident, Roku said it has forced password resets for all affected accounts and is sending out breach notifications to those affected. It is also “refunding or reversing” charges for the accounts where purchases have been made. Two-factor authentication has been enabled on all Roku accounts as well.

Roku reiterates that the number of people affected is just a “small fraction” of its over 80 million active accounts. Despite this, the fact that this is a repeat occurrence in such a short time frame is majorly concerning and raises questions about whether Roku is responding to these incidents appropriately and thoroughly enough.

“In closing, we sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,” it said.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.