Roku Discovers 576,000 User Accounts Impacted by Cyberattack

Roku, the popular streaming service, has revealed that 576,000 user accounts were impacted by a recent cyberattack. This discovery came to light during an investigation into a previous data breach that affected around 15,000 users earlier this year.

The cyberattack involved threat actors using a technique called “credential stuffing” to steal login information such as usernames and passwords. This method involves using stolen credentials from one platform to gain unauthorized access to accounts on other platforms.

Roku clarified that their systems were not compromised in either incident and that the login credentials used in the attacks were likely obtained from another source where users had reused the same login information. While the security of their systems remained intact, some accounts were used to make fraudulent purchases.

In response to the cyberattacks, Roku has implemented two-factor authentication for all accounts, reset passwords for affected users, and is offering refunds or reversals for any damages incurred. The company also reassured users that no sensitive information, such as full credit card numbers, was accessed by the threat actors.

Antoine Vastel, vice president of research at DataDome, highlighted the dangers of using the same passwords for multiple accounts, making it easier for cybercriminals to gain unauthorized access. He emphasized the importance of securing online accounts to prevent identity theft and unauthorized transactions.

As cyber threats continue to evolve, it is crucial for users to prioritize their online security and take proactive measures to protect their personal information.