576,000 Roku user accounts hacked in second credential stuffing incident in two months

April 12, 2024

Streaming giant Roku has disclosed that it experienced its second data security breach in two months.

This time, about 576,000 user accounts were compromised by a second credential stuffing attack. In credential stuffing, threat actors test username/password combinations from other incidents, knowing that some consumers re-use the same login across sites and that some percentage of their attempts will work on the new target. As Roku explained, both the earlier incident and the current one were due to credential stuffing attacks and not any compromise of Roku’s system.

In fewer than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.
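
For defenders, the pattern described above (many accounts tried, a small share of logins succeeding) is visible in authentication logs. The following is an added example, not Roku's code or anything from its disclosure: it flags sources that match the pattern and lists the accounts they actually opened. The event layout, thresholds, function name and sample values are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, login_succeeded).
# The field layout and every value here are assumptions for this example.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", False) for i in range(40)]
    + [("203.0.113.7", "alice@example.com", True),
       ("203.0.113.7", "bob@example.com", True),
       # An ordinary user mistyping a password, then succeeding.
       ("198.51.100.20", "carol@example.com", False),
       ("198.51.100.20", "carol@example.com", False),
       ("198.51.100.20", "carol@example.com", True)]
)


def find_stuffing_sources(events, min_accounts=20, max_success_ratio=0.2):
    """Return {source_ip: sorted accounts that logged in successfully} for
    sources whose pattern matches credential stuffing: many distinct
    usernames tried, with only a small share of attempts succeeding."""
    attempts = defaultdict(int)
    successes = defaultdict(int)
    tried = defaultdict(set)    # distinct usernames attempted per source
    opened = defaultdict(set)   # usernames with a successful login per source
    for ip, user, ok in events:
        attempts[ip] += 1
        tried[ip].add(user)
        if ok:
            successes[ip] += 1
            opened[ip].add(user)
    flagged = {}
    for ip in attempts:
        ratio = successes[ip] / attempts[ip]
        if len(tried[ip]) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = sorted(opened[ip])
    return flagged


if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: force password reset for {accounts}")
```

Grouping by source IP is a simplification: attempts spread across many addresses need a wider grouping key, such as network range or client fingerprint.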

More information is available on Roku’s website.