Roku says it found another cyberattack on Friday that affected 576,000 users. This is the second breach to affect the company since March.
Roku says the attackers used stolen login information of account holders, a technique called credential stuffing, to gain access to the streaming service and, for some users, their stored payment methods. The hackers were then able to use partial credit card numbers from “about 400 cases” to make unauthorized purchases for subscriptions to streaming services and Roku devices. But the company said the hackers did not get sensitive information like full credit card numbers and addresses.
In credential stuffing, malicious actors take usernames and passwords stolen from one service and try those same credentials on other services, relying on password reuse. Roku says it’s possible third-party sources provided the login information. Hackers used the same method in March, when 15,000 Roku user accounts were compromised and credit card information was obtained.
Roku says it has reset the passwords for affected accounts. It will refund or reverse charges for any purchases hackers made for the small number of users whose payment methods were used.
The company also enabled two-factor authentication for all 80 million active Roku accounts, even for users whose information was not part of the breach. It will send users a verification link to set up their two-factor authentication. Requiring additional login steps, the company says, will help its security team “detect and deter future credential stuffing incidents.”
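As an added illustration, not code from the article or from Roku, this is the kind of detection rule a security team can run over login logs to spot a credential-stuffing run: one source trying many different usernames in a short window, as opposed to one user retrying their own password. The log format, the IP addresses, the 10-minute window and the four-username threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth-log lines (not real Roku data): one source
# sprays many usernames, another is a single user mistyping a password.
SAMPLE_LOG = """\
2024-04-12T10:00:01Z ip=203.0.113.7 user=alice result=fail
2024-04-12T10:00:02Z ip=203.0.113.7 user=bob result=fail
2024-04-12T10:00:02Z ip=203.0.113.7 user=carol result=fail
2024-04-12T10:00:03Z ip=203.0.113.7 user=dave result=success
2024-04-12T10:00:04Z ip=203.0.113.7 user=erin result=fail
2024-04-12T10:05:00Z ip=198.51.100.9 user=frank result=fail
2024-04-12T10:05:10Z ip=198.51.100.9 user=frank result=fail
2024-04-12T10:05:30Z ip=198.51.100.9 user=frank result=success
"""

def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def find_stuffing_sources(log_text, window=timedelta(minutes=10), min_users=4):
    """Return {ip: {"users": n, "fails": n, "successes": [...]}} for every
    source that tried >= min_users distinct usernames within `window`.
    A single user retrying one account never trips this rule."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_ip[rec["ip"]].append(rec)
    suspects = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):  # sliding time window over this source
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            span = recs[start:end + 1]
            users = {r["user"] for r in span}
            if len(users) >= min_users:
                suspects[ip] = {
                    "users": len(users),
                    "fails": sum(r["result"] == "fail" for r in span),
                    # accounts the spray got into: reset these passwords first
                    "successes": sorted(r["user"] for r in span if r["result"] == "success"),
                }
                break
    return suspects
```

The `successes` list is the actionable output: those are the accounts whose reused passwords worked and that need a forced reset, which is what Roku did for the affected accounts.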
As always, even if your account was not affected by the hack, it never hurts to check Have I Been Pwned? and to enable more login security measures.