The cyberattack technique used by attackers is called “credential stuffing.” This attack uses credentials obtained through data breaches of other services to compromise accounts belonging to another service. “Credential stuffing” is so effective because too many people use the same username and password for different accounts on different platforms. Roku has discovered that its systems were not the source of this data breach.
Shortly after Roku finished investigating the first incident, a second incident was discovered that affected 576,000 Roku accounts. Again, Roku says there is no indication that it was the source of the account credentials used in either attack. Additionally, Roku's systems were not compromised in either attack. The second incident appears to be another use of “credential stuffing.”
“Rather, the login credentials used in these attacks were likely obtained from another source, such as another online account, and the affected users may have used the same credentials there,” Roku said. Additionally, Roku notes that there have been fewer than 400 cases in which malicious attackers compromised Roku subscriber accounts and fraudulently purchased streaming subscriptions or Roku hardware. Even in these 400 cases, the attackers were unable to access critical and sensitive customer data, including complete credit card numbers and other payment information.
The company says the number of affected accounts is a small fraction (0.0072%) of its 80 million accounts, but it has nonetheless reset the passwords for all affected accounts and informed these customers of the situation. Roku will also issue refunds or cancellations for the small number of accounts where it discovers that streaming subscription services or Roku hardware were purchased using payment methods stored in those accounts. Again, Roku says the malicious attackers were unable to view users' sensitive information or complete credit card information.
Roku has two-factor authentication (2FA) enabled for all accounts. Although it adds an extra step to the login process, Roku says they've made it as simple as possible. The company also offers some tips for Roku account holders.
Create a strong, unique password for your Roku account. Use a combination of upper/lower case letters, numbers, and symbols. Passwords must be at least 8 characters.
Please continue to be vigilant. Be careful if you receive a message from Roku asking you to update your payment details, share your username or password, or click a link. If you're not sure whether an email, tweet, or phone call from Roku is legitimate, call customer service. Finally, keep checking Roku's blog posts for legitimate communications from the company. Please check your account on Roku's website from time to time.
Roku says it's committed to protecting your account.