576K Roku customers impacted in cyber attack Stay vigilant online

April 15, 2024
1 min read



TLDR:

  • Roku cyberattack affected 576,000 customer accounts
  • Hackers accessed accounts using stolen login credentials

Roku recently experienced a cybersecurity incident where 576,000 customer accounts were impacted by hackers who accessed the accounts using stolen login credentials. This marked the second major security breach for the company in the same year. The initial attack, which took place in March, was a result of “credential stuffing,” where bad actors used stolen login details from other sites to breach Roku’s systems.

The company discovered the breach after increasing monitoring of account activity following the first attack that affected 15,000 accounts. Although there was “no indication” that Roku’s systems were compromised, they implemented various controls and countermeasures to detect and deter future credential stuffing incidents. These measures included resetting passwords for affected customers, refunding or reversing charges for compromised accounts, and enabling two-factor authentication for all accounts.

Roku reassured its customers that sensitive user information or full credit card information was not accessed by the hackers. The company expressed regret for the incidents and any disruptions they may have caused, emphasizing that account security is a top priority, and they are committed to protecting customer accounts.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and