Streaming service provider Roku on Friday said a cyberattack has compromised about 576,000 accounts.
This is the second security breach recorded by the company this year.
We take your privacy and security seriously, and as part of our commitment to these values, wed like to share information about our investigations into recent incidents that have impacted some of our user accounts, the steps weve taken to notify affected customers, and our efforts to protect customers from future attacks, Roku said in a blog post.
Earlier this year, Rokus security monitoring systems detected an increase in unusual account activity.
After a thorough investigation, we determined that unauthorized actors had accessed about 15,000 Roku user accounts using login credentials (i.e. usernames and passwords) stolen from another source unrelated to Roku through a method known as credential stuffing, the blog said.
Credential stuffing is a type of automated cyberattack where fraudsters use stolen usernames and passwords from one platform and attempt to log in to accounts on other platforms.
This method exploits the practice of individuals reusing the same login credentials across multiple services.
We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks, Roku said.
After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts, the company said.
How you can help protect account
Create a strong, unique password for your Roku account
Remain vigilant
Stay informed
