576,000 Accounts Impacted by Data Breach at Roku

Streaming platform Roku recently reported its second data breach within a two-month period. While investigating an earlier incident affecting 15,000 accounts, the company found that an additional 576,000 accounts had been compromised.

Attack Method: Credential Stuffing

In both instances, Roku believes that the attacks were executed via a process known as credential stuffing. This technique involves attackers using stolen or leaked login details from one website to illegitimately access accounts on other sites, where the same login details are employed. Roku commented, “It appears that the login credentials used in these attacks originated from another location, like another digital account, where the impacted users may have used the same credentials.”

Breach Impact

Despite the large number of compromised accounts, the damage appears to be relatively contained. In fewer than 400 cases, attackers used victims’ Roku accounts to buy streaming subscriptions and Roku devices with saved payment methods. However, the hackers did not obtain access to complete credit card numbers or other payment data.

Roku’s Reaction and User Safety Measures

Roku reacted to the breach by resetting the passwords of all affected accounts and notifying the affected users. The company is also introducing two-step verification across its more than 80 million active accounts. This added security layer will ask users to confirm their identity via an email link before accessing their account.

Roku additionally confirmed its commitment to refunding or reversing charges in cases where unauthorized purchases were made due to the hack.

The Importance of Generating Secure, Unique Passwords

This event emphasizes the importance of creating strong and unique passwords for every online account. A password manager simplifies this process, as it lets users maintain strong login details without having to recall multiple complicated passwords.

Closing Remark

Even though this recent breach at Roku appears to have caused minimal damage, it nevertheless reinforces the importance of strong online safety measures. Users are encouraged to create unique and strong passwords for each of their online accounts and to think about using a password manager for convenience and enhanced security.


Q1: What is the definition of credential stuffing?
A1: Credential stuffing is a cyber attack in which criminals use stolen or leaked login details from one website to illegitimately access accounts on other sites, where the same login details are employed.

Q2: How is Roku handling the data breach?
A2: Roku has reset the passwords of all the affected accounts, introduced two-step verification across all active accounts, and is providing refunds or reversing charges for unauthorized purchases made by the criminals.

Q3: How do I safeguard my online accounts from such incidents?
A3: It’s essential to use strong, unique passwords for each of your online accounts. Consider using a password manager to handle multiple complex passwords. Also, enable two-step verification whenever it’s possible.

Q4: Were the criminals able to access credit card data?
A4: Based on what Roku reported, the hackers did not gain access to complete credit card numbers or other payment details.

Q5: What does a password manager do?
A5: A password manager is an application designed to store and manage a user’s passwords. It helps users maintain strong login details without having to remember several complicated passwords.