For the second time this year, streaming service Roku has suffered a security incident, with attackers observed gaining access to hundreds of thousands more customer accounts.
The company announced in a blog post on Friday (12 April) that during its investigation into the first breach, which affected 15,000 Roku user accounts, it identified a second security incident that affected 576,000 accounts.
Just like the first incident, the threat actors utilised credential stuffing to gain access to these accounts.
For those unaware, a credential stuffing attack is one in which attackers automate login attempts using large lists of username and password pairs, relying on people reusing the same password across services. These credentials are typically stolen in earlier breaches of other sites or purchased from other threat actors.
Roku reaffirmed that, as with the first incident, it does not believe it was the source of these credentials; rather, a data breach at a different site gave the attackers customer details that they then tried to reuse on Roku.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” the company said.
Just as with the last breach, by gaining access to user accounts, threat actors were able to change account information such as passwords, email addresses, and shipping addresses.
This locked the users out of their accounts and, in a small number of cases, allowed the threat actors to make subscription purchases with the stored credit card details.
“In less than 400 cases, malicious actors logged in and made unauthorised purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information,” said Roku in its blog post.
Responding to the incident, Roku said it has forced password resets for all affected accounts and is sending out breach notifications to those affected. It is also “refunding or reversing” charges for the accounts where purchases have been made. Two-factor authentication has been enabled on all Roku accounts as well.
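As an added illustration (not from Roku or this article) of how a service can spot the credential-stuffing pattern described above and derive the set of accounts to force-reset, the following script runs a simple heuristic over a constructed login log: one source address cycling through many distinct usernames within a short window, most attempts failing, is treated as stuffing, and the usernames it did log into are the accounts to reset and notify. The log entries, IP addresses and thresholds are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample login events: (timestamp_seconds, source_ip, username, outcome).
# Addresses are from documentation ranges (RFC 5737), not real hosts.
AUTH_LOG = [
    (0, "203.0.113.7", "alice", "fail"),
    (1, "203.0.113.7", "bob", "fail"),
    (2, "203.0.113.7", "carol", "fail"),
    (3, "203.0.113.7", "dave", "success"),
    (4, "203.0.113.7", "erin", "fail"),
    (5, "203.0.113.7", "frank", "fail"),
    (6, "203.0.113.7", "grace", "success"),
    # A legitimate user retrying a mistyped password: same username, same IP.
    (10, "198.51.100.2", "alice", "fail"),
    (25, "198.51.100.2", "alice", "fail"),
    (40, "198.51.100.2", "alice", "success"),
]


def find_stuffing_sources(log, window=60, min_users=5, max_success_rate=0.5):
    """Return {ip: set of usernames successfully logged into} for sources that look
    like credential stuffing: many distinct usernames tried from one IP inside
    `window` seconds, most of them failing. A real user who mistypes a password
    retries the same username, so `min_users` separates the two patterns.
    Thresholds here are illustrative, not tuned values."""
    buckets = defaultdict(list)
    for ts, ip, user, outcome in log:
        buckets[(ip, ts // window)].append((user, outcome))
    flagged = defaultdict(set)
    for (ip, _), attempts in buckets.items():
        users = {u for u, _ in attempts}
        successes = [u for u, o in attempts if o == "success"]
        rate = len(successes) / len(attempts)
        if len(users) >= min_users and rate <= max_success_rate:
            flagged[ip].update(successes)
    return dict(flagged)


def accounts_to_reset(log, **kw):
    """Accounts a flagged source logged into: the set to force-reset and notify."""
    hits = set()
    for users in find_stuffing_sources(log, **kw).values():
        hits |= users
    return hits
```

Attackers spread attempts across many source addresses, so a per-IP check like this is only a first signal; in practice the same ratio is also tracked per network block and against a global failure-rate baseline.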
Roku reiterates that the number of people affected is just a “small fraction” of its over 80 million active accounts. Even so, a repeat occurrence in such a short time frame is deeply concerning and raises questions about whether Roku is responding to these incidents appropriately and thoroughly enough.
“In closing, we sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,” it said.