Streaming large Roku has confirmed a second security incident in as many months, with hackers this time capable of compromise greater than half one million Roku consumer accounts.
In an announcement Friday, the corporate stated about 576,000 consumer accounts have been accessed utilizing a method generally known as credential stuffing, the place malicious hackers use usernames and passwords stolen from different data breaches and reuse the logins on different websites.
Roku stated in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku {hardware} and streaming subscriptions utilizing the fee information saved in these customers’ accounts. Roku stated it refunded prospects affected by the account intrusions.
The corporate, which has 80 million prospects, stated the malicious hackers “weren’t capable of entry delicate consumer info or full bank card info.”
Roku stated it found the second incident whereas it was notifying some 15,000 Roku customers that their accounts have been compromised in an earlier credential stuffing assault.
Following the security incidents, Roku stated it rolled out two-factor authentication to customers. Two-factor authentication prevents credential stuffing assaults by including a further layer of security to on-line accounts. By prompting a consumer to enter a time-sensitive code together with their username and password, malicious hackers can’t break right into a consumer’s account with only a stolen password.
