Streaming service provider Roku said Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this yr.
The corporate, which had greater than 80 million energetic accounts, said the hackers didn’t gain access to any sensitive information reminiscent of full bank card numbers or other payment details.
Roku’s shares were down greater than 2%.
Roku said hackers didn’t gain access to any sensitive information reminiscent of full bank card numbers or other payment details. REUTERS
Nonetheless, the corporate said it identified lower than 400 cases where the data was used to make unauthorized purchases of streaming service subscriptions and hardware products using the payment method stored within the accounts.
The corporate said it might refund or reverse charges for accounts where it has determined unauthorized purchases have been made as a part of the attack.
Roku pinned the unauthorized access to “credential stuffing,” where users can have used the identical credentials across different platforms.
Meanwhile, the corporate has enabled a two-factor authentication for all of the accounts to beef up security controls.