Roku data breach grows: Nearly 600K users compromised, company says.

Nearly 600,000 Roku users are the victims of a data breach, streamer Roku said.

This breach comes after the company reported a smaller breach affecting 15,000 customers last month, it said.

“After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information,” Roku said on its website. “Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.”

The company didn’t immediately respond to requests for additional comment.

Roku blamed the earlier hack on “credential stuffing,” which it described as an automated cyberattack in which unauthorized actors accessed usernames and passwords, then used the credentials across multiple services. That same strategy affected the new customer base, it said.

“We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks,” the company said.

Roku also played down the attack, saying unauthorized purchases were made in fewer than 400 of the cases.

“They did not gain access to any sensitive information, including full credit card numbers or other full payment information,” it said.

Roku said the attack affected “a small fraction” of its more than 80 million active accounts.

To protect customers, it said it has reset passwords for the affected accounts and it’s notifying affected customers directly.

“We also are refunding or reversing charges for the small number of accounts where we’ve determined that unauthorized actors made purchases of streaming service subscriptions or Roku hardware products using a payment method stored in these accounts,” it said.

It said it is also enabling two-factor authentication for all Roku accounts, whether they were directly affected or not.

Karin Price Mueller

Karin Price Mueller may be reached at KPriceMueller@NJAdvanceMedia.com. Follow her on X at @KPMueller.
