Roku data breach overview:
- Who: Roku announced it suffered a data breach that affected approximately 576,000 user accounts. The data breach is the second announced by Roku in less than a month.
- Why: Roku has attributed both data breaches to credential stuffing attacks as a result of compromised account credentials from other online sources.
- Where: The Roku data breach affects certain consumers nationwide.
Roku announced for the second time in less than a month that it has suffered a Roku data breach as a result of a credential stuffing attack.
The data breach, which Roku said affected approximately 576,000 user accounts, was revealed by the streaming TV service less than a month after it previously announced in March that about 15,000 user accounts had been accessed without authorization.
In a blog post published April 12, the compnay said it discovered this Roku data breach amid monitoring of account activity following the initial incident.
“We take your privacy and security seriously, and as part of our commitment to these values, we’d like to share information about our investigations into recent incidents that have impacted some of our user accounts,” the TV-streaming service said in its blog post.
Company says it is not the source of stolen account credentials used in Roku data breach
Roku has attributed both incidents to a credential stuffing attack and maintains neither itself nor its systems were the source of the compromised account credentials and that they likely came from a separate online account where the user had duplicate login credentials.
The company said it has found fewer than 400 cases of a malicious actor logging into one of the affected Roku accounts to make an unauthorized purchase of either a Roku hardware product or streaming service subscription using the stored payment method.
No sensitive information such as full credit card numbers or other full payment information was compromised during the incident, according to Roku, which said it has reset the passwords for all affected accounts.
The company said it is also refunding or reversing any unauthorized charges made using the stored payment information in the Roku account.
The threat actors behind the Roku data breach announced in March were reportedly selling compromised Roku accounts for as little as 50 cents, according to Bleeping Computer.
Have you been affected by a Roku data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
124 thoughts onNew Roku data breach announced for second time in a month
Please add me
Add me please I have 4devices
Add me pls
add me please
Add me
add me I have multiple devices
Add me I have several devices
Add me
Add me I have several devices
add me