Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

576,000 accounts more were impacted in Roku cyberattack

576,000 accounts more were impacted in Roku cyberattack

While investigating a previous attack, Roku found itself experiencing a second cyberattack.

 

What happened?

Smart TV provider Roku revealed that it encountered a second cyberattack affecting approximately 576,000 additional accounts. 

This incident was discovered while investigating a previous breach that impacted 15,000 user accounts earlier in the year. While the hackers did not manage to access sensitive information like full credit card numbers or payment details, fewer than 400 accounts experienced unauthorized purchases of streaming service subscriptions and hardware products using the payment methods stored in those accounts.

 

The backstory 

Roku experienced a security breach affecting 15,363 accounts between December 28 and February 21, 2024, allowing unauthorized access to sensitive data, including credit card information. Hackers used a credential stuffing attack to alter login information and attempted to purchase streaming subscriptions using stored data, preventing account holders from receiving confirmation emails. In response to these security challenges, Roku announced the implementation of two-factor authentication for all accounts to enhance security measures.

The breach was revealed through filings Roku submitted to the attorneys general offices of Maine and California on March 8, 2024.

Go deeperRoku: More than 15,000 accounts breached

 

In the know

Credential stuffing is a cyberattack tactic employed by hackers who use stolen usernames and passwords obtained from past data breaches to infiltrate online accounts across diverse platforms. Cyberattackers streamline the process by utilizing automated tools to input these stolen credentials into login interfaces, capitalizing on individuals' inclination to recycle passwords across multiple accounts. This approach benefits from the widespread practice of users employing identical login details for various services, making it easier for hackers to gain unauthorized access to their accounts.

RelatedCommon password attacks and how to avoid them

 

Why it matters

While still investigating a previous breach, a second one occurred. The longer it takes for cyberattacks to be resolved, the worse the "initial" attack will be because cybercriminals continue to have access to sensitive information. 

The fact that over half a million additional accounts were impacted raises concerns about the security of user data and the potential for financial losses due to unauthorized purchases. While Roku reassured users that sensitive information like full credit card numbers was not compromised, the incident still emphasizes the effectiveness of robust security measures like multi-factor authentication to prevent unauthorized access to personal accounts.

 

FAQs

How can individuals protect themselves from cyber threats?

Individuals can protect themselves from cyber threats by using strong, unique passwords for each online account, enabling two-factor authentication (2FA), keeping software and systems updated with the latest security patches, being cautious of suspicious emails or messages, and using reputable antivirus and security software.

See also: 5 Steps to improve password security in healthcare

 

How can I identify a credential stuffing attack?

Identifying a credential stuffing attack requires vigilance and awareness of certain sign

  • Multiple failed login attempts
  • Unusual account activity 
  • Login from unfamiliar locations or devices
  • Increased traffic or server load
  • Patterns of failed logins

 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.