Roku Responds to Security Breach Affecting 576,000 Accounts

Roku, the US-based streaming service giant, has taken swift action following a security breach that compromised approximately 576,000 user accounts, marking the second such incident this year.

The breach, disclosed by Roku in a blog post on Friday night, revealed that unauthorized access was gained through stolen login credentials. This method, known as “credential stuffing,” involves hackers utilizing login details obtained from previous data breaches to gain access to multiple accounts, exploiting users who reuse passwords across different platforms.

Further investigations by Roku indicate that the stolen credentials originated from a separate data breach of another service, reassuring users that Roku’s systems were not compromised in either incident. While the breach affected a large number of accounts, the financial impact was contained, with fewer than 400 cases of unauthorized purchases reported. Roku has taken steps to reverse these charges and is issuing refunds to affected users. Importantly, the company emphasized that sensitive user information and full credit card details were not accessed by the intruders.

In response to the breach, Roku has initiated automatic password resets for affected accounts and will directly reach out to impacted users. Additionally, the company is implementing two-factor authentication for all accounts, adding an extra layer of security by requiring a verification step on a secondary device during login attempts. With over 80 million users, Roku is prioritizing account security and treating these incidents seriously. The company expressed regret over the breaches and any inconvenience caused to its customers, reaffirming its commitment to protecting Roku accounts.

Following the announcement, Roku’s stock price experienced a minor decline, reflecting investor concern over the security breach. Despite this setback, Roku remains focused on addressing security vulnerabilities and safeguarding user accounts..