Roku on Friday disclosed that 576,000 accounts were accessed by malicious actors.
The San José, California, technology company said that it discovered the problem after monitoring unusual account activity on its platform earlier this year that affected roughly 15,000 user accounts.
Through its investigation, Roku said that the malicious actors stole the login credentials through a different source and applied a practice called “credential stuffing,” applying stolen usernames and passwords across multiple platforms to take advantage of people who use the same credentials across multiple services.
In fewer than 400 of the cases, Roku said the malicious actors made unauthorized purchases of streaming subscriptions and Roku hardware products, but did not gain access to full credit card information.
“We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks,” Roku said in a statement.
The company said it is enabling two-factor authentification for all of its 80 million account holders. Roku reset passwords for the affected accounts and reversed or refunded the unauthorized charges made by the malicious actors, the firm said.
“We also want to reassure customers that these malicious actors were not able to access sensitive user information or full credit card information,” Roku said.
___
© 2024 Los Angeles Times
Distributed by Tribune Content Agency, LLC.
Click this link for the original source of this article.
Author: Wendy Lee – Los Angeles Times
This content is courtesy of, and owned and copyrighted by, https://americanmilitarynews.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.