Roku Unveils Data Breach Affecting 576,000 Accounts

Roku has revealed the discovery of a significant data breach impacting 576,000 of its users. This breach was identified during an investigation into a previous security issue last month, which saw 15,000 accounts compromised.

The streaming service initially addressed the earlier incident by notifying the affected customers in early March, enhancing account monitoring to safeguard personal information, it said today in a blog post.

Roku detailed that the breach resulted from “credential stuffing,” a cyberattack where stolen login details from other breaches are used to gain unauthorized access (another reason to not reuse your passwords).

This incident resulted in fewer than 400 incidents of unauthorized transactions, including the purchase of Roku products and streaming subscriptions, though it did not expose sensitive payment information. Looks like the bad guys got some free rentals.

What’s Roku doing about this data breach? It has reset passwords for the affected accounts and made two-factor authentication required for all of its over 80 million active users.

“We understand that 2FA adds an extra step to the login process. That’s why we’ve worked hard to make it as simple as possible,” said Roku. Have mandatory 2FA is a pain but it’s one way to slow down accounts from being compromised.