Roku says more than 500,000 accounts impacted in cyberattack

By Arsheeya Bajwa

(Reuters) – Streaming service provider Roku said on Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this year.

The company, which had more than 80 million active accounts, said the hackers did not gain access to any sensitive information such as full credit card numbers or other payment details.

Roku’s shares were down about 2% in early trading.

However, the company said it identified less than 400 cases where the information was used to make unauthorized purchases of streaming service subscriptions and hardware products using the payment method stored in the accounts.

The company said it would refund or reverse charges for accounts where it has determined unauthorized purchases have been made as part of the attack.

Roku pinned the unauthorized access to “credential stuffing”, where users may have used the same credentials across different platforms.

Meanwhile, the company has enabled a two-factor authentication for all the accounts to beef up security controls.

Roku says more than 500,000 accounts impacted in cyberattack
FILE PHOTO A video sign displays the logo for Roku Inc, a Fox-backed video streaming firm, in Times Square after the company’s IPO at the Nasdaq Market in New York, U.S., September 28, 2017. REUTERS/Brendan McDermid/File Photo