- Roku has experienced a second cyberattack, affecting over 500,000 users.
- Attackers used credential stuffing to gain unauthorized access to accounts.
- Roku has reset passwords and introduced mandatory multi-factor authentication to enhance security.

Roku, the popular TV streaming service, has been hit by another cyberattack, affecting over half a million users.
In this second attack, which occurred late last week, approximately 576,000 accounts were compromised. This comes after an initial breach that impacted around 15,000 accounts.
The company clarified that it wasn’t the source of the account credentials used by the attackers, nor were its systems compromised.
The attackers employed a technique called “credential stuffing,” where they used login details obtained from other sources, such as dark web forums, to gain unauthorized access to Roku accounts.
While the initial breach raised concerns about the security of personal information, the recent attack went further.
In fewer than 400 instances, the attackers accessed accounts and made unauthorized purchases of streaming service subscriptions and Roku hardware products. However, they did not gain access to sensitive information like full credit card numbers.
Credential stuffing is a concerning tactic because many people use the same login details across multiple services. This makes it easier for attackers to gain access to various accounts once they obtain this information.
To address the situation, Roku took proactive measures. It reset the passwords for all affected accounts and implemented mandatory multi-factor authentication (MFA) for added security. Even accounts not directly impacted by the attack are now required to use MFA.
MFA adds an extra layer of protection by requiring users to provide additional verification, such as a code sent to their phone, along with their usual login credentials. This helps prevent unauthorized access even if attackers manage to obtain login details.
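A service-side view of the attack described above, as an added example that is not Roku's code or part of the original article: it scans a constructed authentication log for a source that tries many different usernames with mostly failed logins, then lists the accounts that source logged into successfully, which are the candidates for a forced password reset. The log format, thresholds and all function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed thresholds; tune to your own baseline
MIN_USERS = 5                  # distinct usernames from one source in WINDOW
MIN_FAIL_RATIO = 0.8           # share of failed attempts in that window

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 user01@example.com FAIL
2024-01-01T10:00:02 203.0.113.7 user02@example.com FAIL
2024-01-01T10:00:04 203.0.113.7 user03@example.com FAIL
2024-01-01T10:00:06 203.0.113.7 user04@example.com FAIL
2024-01-01T10:00:08 203.0.113.7 user05@example.com FAIL
2024-01-01T10:00:10 203.0.113.7 user06@example.com OK
2024-01-01T10:01:00 198.51.100.20 user07@example.com FAIL
2024-01-01T10:01:30 198.51.100.20 user07@example.com FAIL
2024-01-01T10:02:00 198.51.100.20 user07@example.com OK
2024-01-01T10:03:00 192.0.2.44 user08@example.com OK
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)  # chronological order

def detect(events):
    # Group attempts by source, then slide a time window over each source.
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            users = {e[2] for e in window}
            fails = sum(not e[3] for e in window)
            if len(users) >= MIN_USERS and fails / len(window) >= MIN_FAIL_RATIO:
                flagged.add(ip)
                break
    # A success from a flagged source means a reused password worked.
    at_risk = {user for _, ip, user, ok in events if ok and ip in flagged}
    return flagged, at_risk

print(detect(parse(SAMPLE_LOG)))
```

A single user mistyping a password (the second source in the sample) is not flagged because only one username is involved; a per-source threshold like this one will miss attempts spread thinly across many addresses, so it complements MFA rather than replacing it.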
Roku emphasized the importance of vigilance in protecting personal information online. Users are encouraged to create strong, unique passwords for each of their accounts and enable additional security features like MFA whenever possible.
Individuals must be aware of the risks associated with credential stuffing and take steps to safeguard their online accounts. This includes regularly monitoring account activity for any suspicious behavior and promptly reporting any unauthorized access.
While Roku has taken steps to enhance security, these cyberattacks serve as a reminder of the ongoing threats posed by cybercriminals.
Continued efforts to strengthen security measures and raise awareness about cybersecurity best practices are essential in mitigating these risks and ensuring a safer online environment for all users.