Roku Hit By Second Cyber Attack Inside Two Months, 576,000 Accounts Breached

Krishi Chowdhary, Journalist
  • Roku on Friday announced that 576,000 accounts were impacted in a recent security breach
  • The breach was detected when the company was monitoring platform activity after its last breach a month ago that compromised 15,000 accounts
  • All affected users have been notified and Roku is taking necessary steps to prevent future attacks

Popular streaming service Roku has fallen prey to a major cyberattack that has compromised around 576,000 Roku accounts. This is the second time the company has been hit by a security breach in 2024. The last attack took place in March and compromised over 15,000 accounts.

Roku currently has 80 million users in total. So, although the attack has affected only a small percentage of its user base, the absolute numbers are massive, and the frequency of the attacks is a matter of grave concern.

In a blog post, the company said that hackers gained access to user accounts through stolen credentials taken from a different source (not related to Roku) via credential stuffing.

“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident.” - Roku

💡 Credential stuffing is a type of automated cyberattack where a hacker takes the login credentials stolen from one platform and tries them on other platforms. So, users who have the same login credentials across all their online platforms are compromised in these attacks.
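One way a defender might spot this pattern in login telemetry, as an added example that is not from Roku or the original article. The event format, thresholds and addresses are constructed assumptions: a source is flagged when it tries many distinct accounts with very few successes, which separates it from a single user mistyping a password or several users behind one shared address.

```python
from collections import defaultdict

# Constructed sample events (source_ip, username, login_succeeded); not real data.
SAMPLE_EVENTS = (
    # One source walking through a list of unrelated accounts, with one hit.
    [("203.0.113.10", f"user{n:02d}", n == 5) for n in range(1, 9)]
    # A legitimate user mistyping a password, then succeeding.
    + [("198.51.100.7", "alice", ok) for ok in (False, False, False, True)]
    # Several users behind one shared address, all logging in normally.
    + [("192.0.2.50", name, True) for name in ("bo", "cy", "di", "ed", "flo")]
)


def flag_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Return {ip: summary} for sources that look like credential stuffing.

    The thresholds are illustrative assumptions and need tuning per service.
    """
    stats = defaultdict(
        lambda: {"accounts": set(), "attempts": 0, "successes": 0, "hits": set()}
    )
    for ip, user, ok in events:
        s = stats[ip]
        s["accounts"].add(user)
        s["attempts"] += 1
        if ok:
            s["successes"] += 1
            s["hits"].add(user)

    flagged = {}
    for ip, s in stats.items():
        ratio = s["successes"] / s["attempts"]
        if len(s["accounts"]) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = {
                "distinct_accounts": len(s["accounts"]),
                "success_ratio": ratio,
                # Accounts the source logged in to: candidates for a forced reset.
                "accounts_to_reset": sorted(s["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, summary in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, summary)
```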

How Was the Second Attack Discovered & What Happened to Those Users?

After the first attack, Roku notified the affected users and continued to monitor activities in case something suspicious came up. That’s when it detected the second breach affecting 576,000 user accounts.

Out of these, only 400 accounts were used by the hackers to purchase Roku products such as Roku hardware and streaming subscriptions.

The company confirmed that the hack did not leak any sensitive or credit-card-related information. So, the only explanation for these purchases is that those users had their payment details saved in their accounts.

Nevertheless, all fraudulent purchases were refunded and the company apologized for this inconvenience.

On a side note, despite its quick response to the issue and its commitment to do better, Roku’s stock has slipped by 2% since the breach was revealed.

What Is Roku Doing to Protect Its Users Now?

The first thing Roku did was automatically reset all user passwords to prevent further damage and notify those affected by the attack. The transparency it maintained and the swift actions that it took are commendable.

To prevent future attacks, Roku has decided to introduce two-factor authentication on all accounts—even those that were not compromised in the two attacks. So, now when you try to log into your Roku account, you’ll receive a verification link in your email and you’ll have to click on that to access your account.

Sure, it does complicate the login process a little, but, of course, your safety is the main priority here. The company has also assured users that it has tried to keep it as simple as possible.
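How an emailed verification link of this kind can be built safely, as an added example that is not Roku's implementation or code from the original article. The key, lifetime, token layout and function names are assumptions: the link carries an HMAC-signed token that expires and can be used only once.

```python
import base64
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side secret
TTL_SECONDS = 600                     # assumed link lifetime (10 minutes)
_used_nonces = set()                  # a real service would use a shared store


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_login_token(account: str, now: int) -> str:
    """Build the token that would be embedded in the emailed link."""
    nonce = secrets.token_urlsafe(16)
    payload = f"{account}|{nonce}|{now + TTL_SECONDS}".encode()
    return (
        base64.urlsafe_b64encode(payload).decode()
        + "."
        + base64.urlsafe_b64encode(_sign(payload)).decode()
    )


def verify_login_token(token: str, now: int):
    """Return the account if the token is authentic, unexpired and unused."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None  # malformed token
    # Check the signature before trusting any field; constant-time compare.
    if not hmac.compare_digest(tag, _sign(payload)):
        return None
    account, nonce, expiry = payload.decode().rsplit("|", 2)
    if now > int(expiry) or nonce in _used_nonces:
        return None  # expired link or replayed click
    _used_nonces.add(nonce)
    return account
```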

Roku also posted some guidelines for its users to maintain airtight security on their part.

  • Creating a strong and unique password for your Roku account is the first step.
  • Users have also been asked to stay vigilant and watch out for unusual activities.
  • They must also keep checking their email in case Roku has an update about their account activity and charges.

Growing Instances of Security Breach in Streaming Services

In recent years, cyberattacks on streaming services have drastically increased.

🛑 In February this year, a group of hackers backed by Iran called Cotton Sandstorm disrupted TV streaming services in the UAE and replaced the content with a deepfake video. The video consisted of a fake newsreader reading fabricated news updates from the ongoing war in Gaza.

🛑 Another report from SiliconAngle revealed that hackers are targeting multiple streaming sites amid the writers' and actors' strike in Hollywood.

🛑 Users of Disney+ and Paramount Plus were getting fake emails impersonating the service providers. The emails said their subscription was renewing at a price higher than their usual price and if they wanted to cancel it, they needed to contact the number given in the email.

The said number was controlled by the hackers. So, if a target decided to call, the hacker would then persuade them into sharing more of their personal details.

What Can You Do to Stay Safe?

While companies are doing their best to mitigate cyber threats, it’s also up to the users to take precautions. For starters, whenever you get a shady email, it’s always best to cross-check the email ID. Companies usually have their official email IDs listed on their websites—if they don’t match, don’t respond!

Similarly, if you get a call from someone claiming to be a customer support agent—exactly what happened last month when Apple users were spammed with unwanted password reset requests—make sure the number matches the company’s official support lines. Once again, don’t continue the conversation if the numbers don’t match or if you suspect something’s off.
