In a concerning turn of events, more than 500,000 Roku accounts have fallen victim to a sophisticated cyberattack, the streaming giant confirmed.
Roku disclosed that cybercriminals infiltrated user accounts by exploiting stolen login credentials, targeting individuals who habitually reuse passwords across multiple platforms.
The company revealed that the compromised credentials likely originated from a separate data breach on another website, highlighting the far-reaching consequences of password recycling.
While the breach affected a staggering 576,000 accounts, Roku assured users that only a fraction—less than 400 cases—resulted in unauthorized purchases on its streaming services. Fortunately, no sensitive financial information was accessed. Roku promptly initiated charge reversals and refunds for all impacted accounts, alongside automatic password resets to bolster security measures.
In response to the breach, Roku has committed to directly contacting affected users, extending support and guidance during this unsettling period.
Regrettably, this marks the second security breach for the streaming service this year, with the initial attack compromising 15,000 accounts, underscoring the pressing need for heightened cybersecurity vigilance in an increasingly digitized landscape.