Estimated reading time: 2 minutes
Remember the Roku user information leak that we reported on a few weeks ago? The security incident left more than 15,000 Roku accounts compromised.
That was, however, only the beginning.
According to Roku, a subsequent breach affected an additional 576,000 users.
The company concluded 2023 with 80 million active user accounts, so 576,000 breached accounts is roughly 0.72 percent of its total user base.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials,” wrote Roku in a blog post.
This is the same as the initial attack that breached roughly 15,000 accounts.
Roku says that out of 576,000, in less than 400 cases, fraud actors were able to log in to user accounts and make unauthorized purchases of streaming service subscriptions and Roku hardware products. The company, however, assures that no sensitive personal data, such as full credit card details, were accessed during the hacks.
The company has also reset the password of affected users and has notified them. “We also are refunding or reversing charges for the small number of accounts where we’ve determined that unauthorized actors made purchases of streaming service subscriptions or Roku hardware products using a payment method stored in these accounts,” wrote the company.
Roku has also enabled two-factor authentication for all, even the users that weren’t affected. The next time you try to log in to your Roku account, you’ll receive a 2FA code on your connected email.
You can learn more about the breach here.
About The Author
Discover more from Artificial Race!
Subscribe to get the latest posts sent to your email.