Roku, a leading streaming service provider, has warned 576,000 of its users that their accounts have been compromised in a cyber breach discovered during an ongoing investigation into a previous intrusion from March.
Rather than directly compromising Roku's network through a security flaw, the hackers employed a "credential-stuffing" attack, the company said.
This technique involves hackers using previously leaked usernames and passwords to gain unauthorized access to user accounts, particularly when users use the same credentials across multiple platforms.
Roku said there is no evidence indicating it was the source of the account credentials used in these attacks, and that neither of Roku's systems were compromised in either incident.
Despite the scale of the breach, the company assured its users that the hackers did not manage to access any sensitive data such as full credit card numbers or other payment details. However, the company did acknowledge that in fewer than 400 cases, the compromised data was used to make unauthorized purchases of hardware products and streaming service subscriptions.
The purchases were made using the payment methods stored in the affected accounts.
In response to the breach, Roku says it has taken steps to address the situation. The company has committed to refunding or reversing charges for the accounts where unauthorized purchases were made as a result of the attack.
As a precautionary measure, the company has reset the passwords for the affected accounts and is rolling out two-factor authentication across all user accounts to enhance security measures.
According to BleepingComputer, threat actors are employing credential stuffing technique using tools like Open Bullet 2 or SilverBullet to breach Roku accounts. These hacked accounts are subsequently sold for as little as $0.50 in illegal online marketplaces.
The sellers also provide instructions on how to use the stolen accounts for unauthorized purchases.
Roku, which boasts more than 80 million active accounts, has advised its users to create unique and strong passwords for their accounts and to enable two-factor authentication as an additional layer of security.
Cybersecurity experts have often warned against the dangers of using the same credentials across different platforms, emphasizing the importance of using unique passwords for each online account to minimize the risk of unauthorized access.
Roku provides a variety of streaming devices, home automation kits, sound bars, and various other products powered by its specialized operating system, allowing users to access services such as Netflix, Amazon Prime Video, and Hulu.
To generate revenue, Roku permits customers to buy streaming subscriptions directly via their Roku account, consolidating all their streaming services into one account. Upon adding a subscription, Roku securely stores customers' credit card details in their online accounts to simplify future purchases.
Last month, Roku disclosed another data breach impacting more than 15,000 customers, amid reports that compromised accounts were being sold for as little as $0.50 each.
At that time, Roku said it had secured the affected accounts and initiated a password reset as soon as the breach was detected.
This article originally appeared on our sister site Computing.
