Roku Strengthens Security After Second Cyberattack
Roku announced it suffered a second cyberattack, affecting approximately 576,000 customer accounts. This comes on the heels of a previous incident in which more than 15,000 accounts were compromised. In response, the company is providing technical and financial assistance to affected users, has reinforced its risk-detection measures, and has strengthened the security controls on user accounts.
Last March, the company detected a security breach that affected more than 15,000 users worldwide. During the attack, "unauthorized individuals" gained access to these accounts through credential stuffing, which allowed the attackers to purchase streaming subscriptions through the compromised accounts. In addition, according to a BleepingComputer report, data stolen from the affected accounts was offered on a hacking marketplace at a price of US$0.50 per account. In response to that incident, Roku said it had secured the affected accounts against further unauthorized access.
Roku announced the second cyberattack in a blog post, explaining that, as with the initial attack, this incident involved credential stuffing. This allowed the attackers to make unauthorized purchases of Roku streaming services and hardware products. However, Roku clarified that there is no evidence to suggest that its database was the source of the compromised credentials.
"It is likely that the login credentials used in these attacks were taken from another source, such as another online account, where affected users may have used the same credentials," reads the company blog post.
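The credential-stuffing pattern described above, as an added detection example that is not part of the article and not Roku's own code. It runs a sliding-window check over constructed login records: one source trying many distinct accounts a few times each with a high failure rate, which is what replaying credentials leaked elsewhere looks like, as opposed to a brute-force attack on one account or a user mistyping their own password. The field names, thresholds, sample IP addresses and usernames are all assumptions.

```python
"""Credential-stuffing detection over constructed login records (added example).

Stuffing replays username/password pairs leaked from other sites, so it shows
up as one source trying MANY distinct accounts once or twice each, failing
most of the time, with occasional successes where a password was reused.
Brute force (one account, many guesses) and a user mistyping a password must
not trip the same rule. Field names, thresholds and sample data are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int          # Unix time of the attempt (constructed)
    src_ip: str
    username: str
    success: bool


def detect_credential_stuffing(events, window_s=600, min_attempts=20,
                               min_distinct_users=15, min_fail_ratio=0.8,
                               max_attempts_per_user=3.0):
    """Return {src_ip: summary} for sources matching the stuffing pattern.

    For each source IP a sliding window of `window_s` seconds is scanned. A
    window matches when it holds enough attempts, spread over many distinct
    usernames, with a high failure ratio and few tries per username. The
    largest matching window per IP is kept so that the list of accounts the
    attacker actually logged into (the ones to reset and refund) is complete.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:
                start += 1          # drop events older than the window
            window = evs[start:end + 1]
            n = len(window)
            if n < min_attempts:
                continue
            per_user = defaultdict(int)
            fails = 0
            for ev in window:
                per_user[ev.username] += 1
                if not ev.success:
                    fails += 1
            distinct = len(per_user)
            fail_ratio = fails / n
            if (distinct >= min_distinct_users
                    and fail_ratio >= min_fail_ratio
                    and n / distinct <= max_attempts_per_user):
                prev = flagged.get(ip)
                if prev is None or n > prev["attempts"]:
                    flagged[ip] = {
                        "attempts": n,
                        "distinct_users": distinct,
                        "fail_ratio": round(fail_ratio, 2),
                        "compromised": sorted(
                            {e.username for e in window if e.success}),
                    }
    return flagged


def build_sample_events():
    """Constructed login records, not real Roku logs."""
    base = 1_700_000_000
    events = []
    # Stuffing run: one IP tries 40 different accounts once each over ~3 min;
    # two of them reuse a password leaked elsewhere and succeed.
    for i in range(40):
        events.append(LoginEvent(base + 5 * i, "203.0.113.7",
                                 f"user{i:02d}@example.com", i in (7, 23)))
    # Brute force: one IP hammers a single account; a different signal.
    for i in range(30):
        events.append(LoginEvent(base + 5 * i, "198.51.100.9",
                                 "alice@example.com", False))
    # Legitimate user who mistypes twice, then gets in.
    events += [
        LoginEvent(base, "192.0.2.5", "bob@example.com", False),
        LoginEvent(base + 20, "192.0.2.5", "bob@example.com", False),
        LoginEvent(base + 40, "192.0.2.5", "bob@example.com", True),
    ]
    return events


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(build_sample_events()).items():
        print(ip, summary)
```

On the constructed data only 203.0.113.7 is flagged, with the two accounts it got into listed for password reset. Real stuffing tools spread attempts across proxy pools, so a production rule would also group by ASN, device fingerprint or session token and would add a slower, longer-window variant, since an attacker who stays under `min_attempts` per ten minutes evades this one.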
Since the announcement, users have voiced their concerns about future infiltrations through the company's complaint portal. Investor volatility has also been noticeable, with the company's shares down 3% since the blog was published.
In response, Roku has refunded affected users for the unauthorized charges. It has also begun a series of checks and measures to "detect and deter" future incidents. Finally, the company has reset passwords for all the affected accounts and implemented two-factor authentication (2FA). This adds a step to the login process: users must verify their identity via a link sent to the email address associated with the account. Because credential stuffing relies on reused passwords, an emailed verification link only helps if the mailbox itself is not protected by the same reused password.
Roku also provided users with recommendations to strengthen the security of their accounts, stressing the importance of using strong, unique passwords and being on the lookout for suspicious communications that could be phishing attempts. Roku also emphasizes the importance of staying informed through its blog posts and emails, and recommends periodically reviewing account charges to detect any unauthorized activity.