Roku Hit By Second Cyber Attack Inside Two Months, 576,000 Accounts Breached

• Roku on Friday announced that 576,000 accounts were impacted in a recent security breach
• The breach was detected when the company was monitoring platform activity after its last breach a month ago that compromised 15,000 accounts
• All affected users have been notified and Roku is taking necessary steps to prevent future attacks

Popular streaming service Roku has fallen prey to a major cyberattack that has compromised around 576,000 Roku accounts. This is the second time the company has been hit by a security breach in 2024. The last attack took place in March and comprised over 15,000 accounts.

Roku currently has 80 million users in total. So, although the attack has affected only a small percentage of its user base, the absolute numbers are massive plus the frequency of the attacks is a matter of grave concern.

In a blog post, the company said that hackers gained access to user accounts through stolen credentials taken from a different source (not related to Roku) via credential stuffing.

There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident.RokuCredential stuffing is a type of automated cyberattack where a hacker takes the login credentials stolen from one platform and tries it on other platforms. So, users who have the same login credentials across all their online platforms are compromised in these attacks.How Was the Second Attack Discovered & What Happened to Those Users?

After the first attack, Roku notified the affected users and continued to monitor activities in case something suspicious came up. That's when it detected the second breach affecting 576,000 user accounts.

Out of these, only 400 accounts were used by the hackers to purchase Roku products such as Roku hardware and streaming subscriptions.

The company confirmed that the hack did not leak any sensitive or credit-card-related information. So, the only explanation for these purchases is that those users had their payment details saved in their accounts.

Nevertheless, all fraudulent purchases were refunded and the company apologized for this inconvenience.

On a side note, despite its quick response to the issue and its commitment to do better, Roku's stocks slipped by 2% since the breach was revealed.

Read more: A US government consulting firm Greylock McKinnon Associates or GMA hit by data breach that compromises 341,650 social security numbers

What Is Roku Doing to Protect Its Users Now?The first thing Roku did was automatically reset all user passwords to prevent further damage and notify those affected by the attack. The transparency it maintained and the swift actions that it took are commendable.

To prevent future attacks, Roku has decided to introduce two-factor authentication on all accounts-even those that were not compromised in the two attacks. So, now when you try to log into your Roku account, you'll receive a verification link on your email and you'll have to click on that to access your account.

Sure, it does complicate the login process a little, but, of course, your safety is the main priority here. The company has also assured that it tried to keep it as simple as possible.

Roku also posted some guidelines for its users to maintain airtight security on their part.

• Creating a strong and unique password for your Roku account is the first step.
• Users have also been asked to stay vigilant and watch out for unusual activities.
• They must also keep checking their email in case Roku has an update about their account activity and charges.

Growing Instances of Security Breach in Streaming Services

In recent years, cyberattacks on streaming services have drastically increased.

In February this year, a group of hackers backed by Iran called Cotton Sandstorm disrupted TV streaming services in the UAE and replaced the content with a deepfake video. The video consisted of a fake newsreader reading fabricated news updates from the ongoing war in Gaza.

Another report from SiliconAngle revealed that hackers are targeting multiple streaming sites amidst the writer and actor strike in Hollywood.

Users from Disney+ and Paramount Plus were getting fake emails impersonating the service providers. The emails said their subscription was renewing at a price higher than their usual price and if they wanted to cancel it, they needed to contact the number given in the email.

The said number was controlled by the hackers. So, if a target decided to call, the hacker would then persuade them into sharing more of their personal details.

What Can You Do to Stay Safe?

While companies are doing their best to mitigate cyber threats, it's also up to the users to take precautions. For starters, whenever you get a shady email, it's always best to cross-check the email ID. Companies usually have their official email IDs listed on their websites-if they don't match, don't respond!

Similarly, if you get a call from someone claiming to be a customer support agent-exactly what happened last month when Apple users were spammed with unwanted password reset requests-make sure the number matches the company's official support lines. Once again, don't continue the conversation if the numbers don't match or if you suspect something's off.

The post Roku Hit By Second Cyber Attack Inside Two Months, 576,000 Accounts Breached appeared first on The Tech Report.