Your Roku Might Be Hacked! 576,000 Accounts Impacted

News Roku security incident
Published:
By: Jessica Fritsch

We choose to run an ad-free site, so this post may contain affiliate links. If you wish to support us and use these links to buy something, we may earn a commission. Learn more here.

Roku Logo

Roku, the streaming technology company, just reported on a security issue concerning unauthorized access to some user accounts.

Earlier in the year, Roku’s security systems identified abnormal activity suggesting unauthorized access to approximately 15,000 user accounts via credential stuffing. This type of attack involves using stolen login details from one service to access accounts on other services, exploiting users’ tendencies to reuse passwords across multiple platforms. Roku clarified that their systems had not been compromised and the credentials used were obtained from sources outside of Roku. Roku contacted the affected customers in early March after their initial investigation and continued to monitor for suspicious account activity.

A subsequent incident was just discovered, affecting around 576,000 additional accounts. Again, Roku’s systems were not the source of the stolen credentials. In fewer than 400 instances, unauthorized purchases were made, but no sensitive information such as full credit card numbers was accessed.

The way an attack like this works is pretty straightforward. If you reuse passwords for multiple services, and one of those services is hacked, then your password is put into a database of usernames and passwords by the bad guys. They’ll then take this password database and use it against other services to see if they can login. In this case, we don’t know where the original usernames / passwords are from. It’s safe to say that using the same usernames and passwords on multiple services is a bad idea.

In response to these incidents, Roku has reset passwords for the affected accounts and is reversing any unauthorized charges. They have also introduced two-factor authentication (2FA) for all Roku accounts to enhance security. This new measure requires users to verify their identity via a link sent to their associated email address upon attempting to log in.

Roku advises customers to create strong, unique passwords and remain vigilant for any suspicious communications that may appear to be from Roku. Users are encouraged to stay informed by checking their email and Roku account regularly. For further assistance or information regarding account security, customers can visit Roku’s Customer Support site.

For more information about this incident, check out Roku’s post about it here.

Now $700 Off: Samsung 77″ OLED 4K Smart TV

Don’t Miss: Save over $1215 on Pre-Order of Samsung’s New Refrigerator

Latest News

CrowdStrike Logo
News

Understanding Today’s Computer Outages from CrowdStrike Update

Jessica Fritsch
Modern living room with a large smart TV mounted on the wall. The TV is clear of any text or icons and shows a street view
Features

Which is Better: Roku or Smart TV

Jessica Fritsch
Padlock on a pile of $100 bills
News

The FTC May Be Sending You Money

Jessica Fritsch
Male hacker unlocking with phone.
News

Your Smart Lock May be Hacked! CISA Warns About “Low Complexity” Attack

Jessica Fritsch

© 2024 AllTheThings.Best. All rights reserved.

About Us · Privacy Policy · Disclosures · Contact · Partner Sites