Roku data breach overview:
- Who: Roku announced it suffered a data breach that affected approximately 576,000 user accounts. The data breach is the second announced by Roku in less than a month.
- Why: Roku has attributed both data breaches to credential stuffing attacks as a result of compromised account credentials from other online sources.
- Where: The Roku data breach affects certain consumers nationwide.
Roku announced for the second time in less than a month that it has suffered a Roku data breach as a result of a credential stuffing attack.
The data breach, which Roku said affected approximately 576,000 user accounts, was revealed by the streaming TV service less than a month after it previously announced in March that about 15,000 user accounts had been accessed without authorization.
In a blog post published April 12, the compnay said it discovered this Roku data breach amid monitoring of account activity following the initial incident.
“We take your privacy and security seriously, and as part of our commitment to these values, we’d like to share information about our investigations into recent incidents that have impacted some of our user accounts,” the TV-streaming service said in its blog post.
Company says it is not the source of stolen account credentials used in Roku data breach
Roku has attributed both incidents to a credential stuffing attack and maintains neither itself nor its systems were the source of the compromised account credentials and that they likely came from a separate online account where the user had duplicate login credentials.
The company said it has found fewer than 400 cases of a malicious actor logging into one of the affected Roku accounts to make an unauthorized purchase of either a Roku hardware product or streaming service subscription using the stored payment method.
No sensitive information such as full credit card numbers or other full payment information was compromised during the incident, according to Roku, which said it has reset the passwords for all affected accounts.
The company said it is also refunding or reversing any unauthorized charges made using the stored payment information in the Roku account.
The threat actors behind the Roku data breach announced in March were reportedly selling compromised Roku accounts for as little as 50 cents, according to Bleeping Computer.
Have you been affected by a Roku data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
124 thoughts onNew Roku data breach announced for second time in a month
Sign me up
Please Add me to the lise
I enjoyed watching my Roku TV, but now I have to fear that my Data information was stolen. Why does everything a consumer thinks is a good thing will end up harming the consumer? I would love to join a Class action suite to stop companies from harming the customer in ways that it has.
I enjoyed watching my Roku TV, but now I have to fear that my Data information was stolen. Why does everything a consumer thinks is a good thing will end up harming the consumer? Please add me.
I enjoyed watching my Roku TV, but now I have to fear that my Data information was stolen. Why does everything a consumer thinks is a good thing will end up harming the consumer? Please add me to your list.
Why does everything a consumer thinks is a good thing will end up harming the consumer? Please add me to your list.
Yes. Sign me up
Sign me up
Please add me> I am so sick of these data breaches.
I am a roku customer
Sign me up and yes
I am a Roku costermer
My Roku has been saying they are having issues with different things nd not allowing me to do certain things