For the second time this year, Roku is facing a second major breach, this time affecting 576,000 users. In a blog post, the company says that after 15,000 Roku users’ account login credentials were stolen, the platform discovered a new breach, this time affecting more than half of a million users.
This major breach was discovered through Roku’s security monitoring system. The company reports that after the first incident, it started to “monitor account activity closely to protect our customers and their personal information,” which led to Roku identifying this second incident.
Still, the company doesn’t think the issue is with the platform:
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials,” says the company.
Nonetheless, of this 576,000 data compromised, Roku says that “in less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.”
If you’ve been affected by this major breach, Roku reset your password
Roku is calling this major breach a “small fraction” of its more than 80M active accounts. That said, the company has reset the passwords for all affected accounts, and it’s notifying those customers directly about the incident.
The platform is also refunding or reversing charges for the “small number of accounts” where it has determined that unauthorized actors made purchases of streaming service subscriptions or Roky hardware products.
Lastly, Roku is enabling two-factor authentication for all Roku accounts so it can mitigate a possible attack in the future. As a result, the next time you attempt to log in to your Roku account online, a verification link will be sent to the email address associated with your account, and you will need to click the link in the email before you can access the account.
Tips and tricks to protect your Roku account
After this major breach, Roku is giving a few tips and tricks to keep your account protected:
- Create a strong, unique password for your Roku account. This makes it harder for someone to gain unauthorized access to your account. Use a mix of at least eight characters, including numbers, symbols, and lowercase and upper-case letters.
- Remain vigilant. Please be alert to any suspicious communications appearing to come from Roku, such as requests to update your payment details, share your username or password, or click on suspicious links. When in doubt over the authenticity of a communication, contact Roku Customer Support.
- Stay informed. In addition to blog posts and Support pages on Roku, be sure to check your email for communications from Roku and periodically login to your Roku account to review your account charges.