Roku, the popular streaming service, has been hit with another cyberattack, affecting a staggering 576,000 users. This marks the second breach for the company since March, as reported on Friday.

The attackers utilized a technique called credential stuffing, using the login information of account holders to gain unauthorized access to the streaming service and the payment methods of some users. This resulted in unauthorized purchases for subscriptions to streaming services and Roku devices, involving partial credit card numbers from approximately 400 cases. However, sensitive information such as full credit card numbers and addresses was not compromised.

Roku suspects that the login information may have been provided by third-party sources. This incident mirrors a similar method used in March, where 15,000 Roku user accounts were compromised, resulting in the theft of credit card information.

In response to the breach, Roku has taken several measures to address the security concerns. The company has reset the passwords for the affected accounts and will refund or reverse charges for any unauthorized purchases made. Additionally, two-factor authentication has been enabled for all 80 million active Roku accounts, with users being prompted to set up this additional security measure.

The implementation of two-factor authentication is aimed at enhancing security and preventing future credential stuffing incidents. Even for users whose information was not part of the breach, Roku has initiated the process of setting up two-factor authentication to bolster overall account security.

As a precautionary step, users are advised to check Have I Been Pwned? and consider enabling additional login security measures, regardless of whether their account was directly impacted by the recent breach.

With these proactive measures and heightened security protocols, Roku aims to reassure its users and fortify its defenses against potential cyber threats.

For more tech-related news, stay tuned to our blog for the latest updates.