In response to a credential stuffing attack, the organization is implementing two-factor authentication for every user.
This is the second data breach that Roku has acknowledged in as many months. While investigating a previous incident in which 15,000 accounts were stolen, the company discovered that an additional 576,000 accounts had been compromised.
Roku believes that the attackers used a technique known as credential stuffing in both incidents. “It is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials,” according to the company's statement.
According to Roku, there were fewer than 400 instances in which attackers used victims' Roku accounts to purchase streaming subscriptions and Roku devices with the payment methods that were kept on their devices. However, the hackers did not obtain complete credit card numbers or any other relevant payment information.
The organization has contacted the users affected by the breach and has reset the passwords for all accounts that were susceptible to it. Additionally, the company is implementing two-factor authentication for its more than 80 million active accounts. You will receive a verification email the next time you log in to your account. The email will include a link, and you will need to click on it in order to access your account. Meanwhile, Roku has said that it will reverse or refund any purchases made in instances where the hackers bought subscriptions or hardware.
Although the consequences of this most recent security breach do not appear to be particularly catastrophic, it serves as a useful reminder that you should use a strong and unique password for each of your accounts. A password manager makes it much simpler to have strong login credentials, because you only need to remember one primary password or log in using biometric data.