576,000 Roku accounts compromised in latest breach - what you need to know

It's the streaming service's second security breach this year. Here's what Roku is doing about it.
Written by Maria Diaz, Staff Writer

Roku is again in the spotlight for a data breach compromising user accounts. After reporting more than 15,000 compromised Roku accounts last month, the TV streaming service is disclosing a second breach, this time involving 576,000 more accounts. In about 400 of these accounts, attackers had made unauthorized purchases. 

The discovery was made during an investigation into the recent security breach. Roku reports that the accounts were accessed using credential stuffing, a process in which attackers use credentials stolen in other breaches to access accounts on different platforms. Roku accounts that used the same username and password combination as on other platforms were the ones breached.

Roku says it has reset the passwords for all affected accounts and is contacting the account holders directly. The company is also refunding the charges related to unauthorized purchases, which included streaming service subscriptions and Roku hardware. The attackers did not gain access to payment information, including credit card numbers.

Furthermore, Roku is adding two-factor authentication (2FA) for all accounts, so the next time you log in to your account, you'll get an email with a verification link you need to click before gaining access.

Although my account wasn't compromised, I'm taking this opportunity to reset my Roku password and create a stronger one to protect my account against future breaches. In addition, it's a good idea to never use the same email and password combination across multiple platforms, not to click on suspicious links, and to check your email regularly to stay informed of any account changes.