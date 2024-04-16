Roku has been hit by another cyberattack, this time affecting nearly 40 times more accounts than did a similar incident earlier this year.
In both incidents, Roku said hackers used a tactic known as"credential stuffing," meaning the unauthorized actors took username and password combinations leaked in other breaches to attempt to log into Roku's platform. This method targets those who use the same login information on multiple platforms, so it wasn't an attack on or within the Roku system itself.
In fewer than 400 cases of breached accounts, hackers used stored payment information to purchase streaming service subscriptions and Roku hardware products, but the company said sensitive information like full credit card numbers was not accessed. But Roku is also enacting a new security step for all users, not just those whose data was involved in the breach. All accounts are now fitted with two-factor authentication, requiring users to click on an emailed verification link anytime they try to log into their Roku account.
