(CNN) — About 576,000 Roku accounts were compromised in a cyberattack, the company said on Friday, the second security breach for the streaming service this year.
Hackers gained access to user accounts through stolen login credentials, Roku said in a blog post. The security breach was discovered while Roku monitored account activity after a cyberattack affected 15,000 accounts earlier this year.
In each instance, fraudsters used a cyberattack method known as credential stuffing: Hackers try login and password information leaked in one data breach on a variety of users’ accounts, exploiting people who use the same credentials across different accounts. (Experts recommend people use different passwords for each of their online accounts.)
Credentials used to access Roku accounts were likely from a data breach on a different site, the company said in a statement.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” the company said.
In fewer than 400 cases, hackers used Roku accounts to make purchases on streaming services and Roku products but did not gain access to sensitive financial information. Roku is reversing charges and refunding all affected accounts, the company said in a statement.
“These malicious actors were not able to access sensitive user information or full credit card information,” the company said.
User passwords have been automatically reset, and users affected by the security breach will be contacted by Roku, the company said in a statement.
Roku, a streaming giant, hosts more than 80 million users. The company announced it is implementing two-factor authentication across all Roku accounts. The two-step security confirmation prompts users on a second device whenever there’s an attempted login.
“We sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,” the company said in a statement.
The company’s stock is down nearly 3% since the security breach was announced.
Tips for securing your account
Users looking to protect their online accounts should create unique passwords that are at least eight characters long and comprise a mix of letters, symbols and numbers.
Be aware of internet scams, phishing emails and suspicious requests for login or financial information.
Roku users should contact customer support when in doubt and periodically log in to accounts to review purchases and subscriptions, the company said in a statement.
The-CNN-Wire™ & © 2024 Cable News Network, Inc., a Time Warner Company. All rights reserved.