Roku says 576,000 consumer accounts hacked after second safety incident

Streaming large Roku has confirmed a second safety incident in as many months, with hackers this time capable of compromise greater than half one million Roku consumer accounts.

In a statement Friday, the corporate stated about 576,000 consumer accounts had been accessed utilizing a method often known as credential stuffing, the place malicious hackers use usernames and passwords stolen from different knowledge breaches and reuse the logins on different websites.

Roku stated in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku {hardware} and streaming subscriptions utilizing the fee knowledge saved in these customers’ accounts. Roku stated it refunded prospects affected by the account intrusions.

The corporate, which has 80 million prospects, stated the malicious hackers “weren’t capable of entry delicate consumer data or full bank card data.”

Roku stated it found the second incident whereas it was notifying some 15,000 Roku customers that their accounts had been compromised in an earlier credential stuffing assault.

Following the safety incidents, Roku stated it rolled out two-factor authentication to customers. Two-factor authentication prevents credential stuffing assaults by including a further layer of safety to on-line accounts. By prompting a consumer to enter a time-sensitive code together with their username and password, malicious hackers can’t break right into a consumer’s account with only a stolen password.