Are you at risk? Cyberattack hits over 576,000 Roku accounts
By Seia Ibanez
Digital convenience is king, but the recent news from TV streaming company Roku is a reminder that with great connectivity comes great risk.
Roku, a popular free TV streaming service in Australia and globally, has issued an apology after a staggering number of its accounts were compromised in two cyberattacks.
Roku's platform, which boasts 80 million users, is designed to seamlessly integrate free channels like 7plus with subscription services like Netflix, all within a single interface on Roku TVs.
This ease of access, however, has been tainted by the revelation that approximately 15,000 accounts were initially breached in early March, followed by a further 576,000 in a subsequent attack.
The second, more extensive breach was uncovered only after the company increased its account monitoring in the wake of the first cyberattack.
Roku has quickly reassured users that the attacks did not stem from any inherent flaws in its data security systems but were likely the result of ‘credential stuffing’. This technique involves cybercriminals using login credentials obtained from other sources, exploiting users who recycle the same passwords across multiple online accounts.
‘It is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials,’ Roku said on Friday, 12 April.
In fewer than 400 cases, unauthorised transactions were made, draining funds from accounts linked to a payment method. These transactions included the purchase of streaming service subscriptions and Roku hardware products.
In response to the breaches, Roku has taken decisive action to bolster its defences and support its customers.
‘First, we have reset the passwords for all affected accounts and are notifying those customers directly about this incident,’ Roku said.
Furthermore, Roku has issued refunds for all unauthorised charges.
‘As a part of our ongoing commitment to information security, we have enabled two-factor authentication (2FA) for all Roku accounts, even for those that have not been impacted by these recent incidents,’ Roku added.
‘As a result, the next time you attempt to log in to your Roku account online, a verification link will be sent to the email address associated with your account.’
Roku's commitment to security extends to urging users to remain vigilant against suspicious communications that may request updated payment details and to create strong, unique passwords for their accounts.
‘We sincerely regret that these incidents occurred and any disruption they may have caused. Your account security is a top priority, and we are committed to protecting your Roku account,’ Roku said.
In a similar story, several Australian brands were also targeted by cyberattacks in the past few months.
Hackers were believed to have purchased stolen login details from overseas cybercriminals, allowing them to access customers’ online accounts.
Have you been affected by this cyberattack? Share your experiences and tips for staying safe online in the comments below!
Key Takeaways
- Roku has apologised after two cyberattacks affected over 500,000 accounts, with money taken from linked bank accounts.
- The company denied that the data breaches resulted from faults in its data security systems, suggesting the cause was 'credential stuffing'.
- Roku has taken remedial actions, including resetting passwords for affected accounts, refunding unauthorised charges, and implementing two-factor authentication (2FA).
- Roku advises users to use strong, unique passwords and to remain vigilant for suspicious communications requesting payment details.