Streaming service platform Roku says cyberattack breached 576000 accounts

This is the second security breach recorded by the company this year.

"We take your privacy and security seriously, and as part of our commitment to these values, we’d like to share information about our investigations into recent incidents that have impacted some of our user accounts, the steps we’ve taken to notify affected customers, and our efforts to protect customers from future attacks," Roku said in a blog post.

Earlier this year, Roku’s security monitoring systems detected an increase in unusual account activity.

"After a thorough investigation, we determined that unauthorized actors had accessed about 15,000 Roku user accounts using login credentials (i.e. usernames and passwords) stolen from another source unrelated to Roku through a method known as 'credential stuffing'," the blog said.

Credential stuffing is a type of automated cyberattack where fraudsters use stolen usernames and passwords from one platform and attempt to log in to accounts on other platforms.

This method exploits the practice of individuals reusing the same login credentials across multiple services.

"We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks," Roku said.

"After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts," the company said.

How you can help protect account

Create a strong, unique password for your Roku account

Remain vigilant

Stay informed