Roku says 576,000 accounts breached in cyberattack

About 576,000 Roku accounts were compromised in a cyberattack, the company said on Friday, the second security breach for the streaming service this year. Hackers gained access to user accounts through stolen login credentials. Roku monitored account activity after a cyberattack affected 15,000 accounts earlier this year. In each instance, fraudsters used a cyberattack method known as credential stuffing. Credentials used to access Roku accounts were likely from a data breach on a different site. Hackers used Roku accounts to make purchases on streaming services and Roku products but did not gain access to sensitive financial information. Roku is reversing charges and refunding all affected accounts. User passwords have been automatically reset, and users affected by the security breach will be contacted by Roku. Roku announced it is implementing two-factor authentication across all accounts. The company’s stock is down nearly 3% since the security breach was announced. Users should create unique passwords, be aware of internet scams, phishing emails, and suspicious requests, and periodically review purchases and subscriptions.