The streaming video platform Roku says that it has uncovered a new data breach impacting 576,000 accounts.
The company says it uncovered the new “incident” while investigating last month’s security breach, in which 15,000 accounts were compromised.
“After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information,” the company said in a statement. “Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.”
Rather than breaking into Roku’s system, the attackers used a technique called “credential stuffing,” compromising the accounts with log-in data they had obtained from other sources.
“In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information,” the Roku statement continued.
The company says it has reset the passwords for the impacted accounts and alerted the owners about the breach. Roku has more than 80 million active accounts. In addition, the company says it will be turning on two-factor authentication for all accounts to improve its security.
SOURCE: The Hollywood Reporter