Roku on Friday disclosed that 576,000 accounts had been accessed by malicious actors.
The San José know-how firm stated that it found the issue after monitoring uncommon account exercise on its platform earlier this 12 months that affected roughly 15,000 consumer accounts.
Via its investigation, Roku stated that the malicious actors stole the login credentials by way of a distinct supply and utilized a apply known as “credential stuffing,” making use of stolen usernames and passwords throughout a number of platforms to make the most of individuals who use the identical credentials throughout a number of companies.
In fewer than 400 of the circumstances, Roku stated the malicious actors made unauthorized purchases of streaming subscriptions and Roku {hardware} merchandise, however didn’t achieve entry to full bank card info.
“We concluded on the time that no knowledge safety compromise occurred inside our programs, and that Roku was not the supply of the account credentials utilized in these assaults,” Roku stated in a press release.
The corporate stated it’s enabling two-factor authentification for all of its 80 million account holders. Roku reset passwords for the affected accounts and reversed or refunded the unauthorized expenses made by the malicious actors, the agency stated.
“We additionally need to reassure prospects that these malicious actors weren’t in a position to entry delicate consumer info or full bank card info,” Roku stated.
