Earlier this year we learned that Roku owners had their accounts illegally accessed and in some cases used to buy movies and TV shows or subscribe to streaming services. Now Roku says they have found that this attack impacted 576,000 other Roku owners.
“After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.” Roku said in a statement on their website.
The issue here is that Roku owners reuse the same username and passwords on multiple services. When those accounts are breached, attackers use that password and username to access Roku and buy movies and TV shows or subscribe to streaming services.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials. In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.” Roku said on its website.
Attacks like this are not new, as hackers often use stolen logins on multiple services to see where they have been reused. From there, they sell them to people looking for free access to paid services or, in the case of Roku, to buy hardware using the stored credit cards.
Even if you are not a part of this breach, it is highly suggested that you do not reuse passwords between accounts. This helps protect you if one site is breached.
Of you are worried you may have been effected by this it is suggested that you change your password and do not reuse passwords.
Roku says all affected accounts have had their passwords reset. Roku is also enabling two-factor authentication for all Roku accounts to help stop attacks like this. You can learn more about Roku’s two-factor authentication HERE.
Again do not reuse passwords to help avoid attacks like this.
Please follow us on Facebook and X for more news, tips, and reviews. Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.