April 15 (Portaltic/EP) –
Roku has reported a new data leak affecting approximately 576,000 customer accounts through a credential stuffing attack, in which the attackers were able to access close to 400 accounts and purchase services and products without authorization. In response, the company has reset the passwords of the affected accounts and enabled two-factor authentication (2FA).
The TV streaming platform had already reported last March on a credential stuffing attack that occurred in early 2024, in which cybercriminals managed to access more than 15,000 customer accounts to fraudulently purchase Roku streaming services.
Credential stuffing attacks are a type of automated fraud in which malicious actors attempt to access accounts on a service using usernames and passwords stolen from other platforms. The method takes advantage of a common user habit: reusing the same login credentials across multiple services.
Regarding the attack suffered earlier this year, the company said that there had been no compromise of data security within Roku's systems. It also confirmed that the platform was not the source of the account credentials used in these attacks.
Likewise, the TV streaming platform indicated that, although its investigation had concluded, it would continue to closely monitor account activity in order to identify potential new attacks and protect customers and their personal information.
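The kind of account-activity monitoring described above can be illustrated with a simple detection heuristic for the credential stuffing pattern defined earlier: one source attempting many distinct usernames with a very low success rate, which is what stolen-credential replay looks like in authentication logs. This is an added example written for this article, not Roku's own tooling; the log format and sample entries are constructed for illustration.

```python
"""Credential-stuffing detection heuristic: one source trying many distinct
usernames with a very low success rate (automated replay of stolen pairs),
unlike a legitimate user retrying their own password."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log (not real Roku data): timestamp source user outcome
SAMPLE_LOG = """\
2024-04-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-04-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-04-01T10:00:02Z 203.0.113.7 carol@example.com FAIL
2024-04-01T10:00:03Z 203.0.113.7 dave@example.com SUCCESS
2024-04-01T10:00:03Z 203.0.113.7 erin@example.com FAIL
2024-04-01T10:00:04Z 203.0.113.7 frank@example.com FAIL
2024-04-01T10:05:00Z 198.51.100.2 grace@example.com FAIL
2024-04-01T10:05:20Z 198.51.100.2 grace@example.com SUCCESS
"""

@dataclass
class SourceStats:
    attempts: int = 0
    successes: int = 0
    usernames: set = field(default_factory=set)
    logged_in: set = field(default_factory=set)  # accounts the source got into

def parse_log(text: str) -> dict:
    """Aggregate per-source login statistics from whitespace-separated lines."""
    stats = defaultdict(SourceStats)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, src, user, outcome = line.split()
        s = stats[src]
        s.attempts += 1
        s.usernames.add(user)
        if outcome == "SUCCESS":
            s.successes += 1
            s.logged_in.add(user)
    return stats

def flag_stuffing(stats: dict, min_users: int = 5, max_rate: float = 0.25) -> dict:
    """Return flagged sources and the accounts that need a forced password reset."""
    flagged = {}
    for src, s in stats.items():
        rate = s.successes / s.attempts
        if len(s.usernames) >= min_users and rate <= max_rate:
            flagged[src] = {"attempts": s.attempts, "success_rate": round(rate, 3),
                            "reset_accounts": sorted(s.logged_in)}
    return flagged
```

The source that cycled through six different usernames is flagged while the user who retried their own password is not; the accounts the flagged source actually logged in to are the ones to reset, mirroring the response described in the article.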
Now, Roku has announced that it has identified a second credential stuffing incident, in which cybercriminals managed to affect around 576,000 additional customer accounts.
As in the first attack, the malicious actors used the credential stuffing technique to try to access the accounts. However, as Roku has detailed in a statement on its blog, there is no indication that the company was the source of the account credentials used in these attacks. Likewise, it has assured that the platform's systems have not been compromised.
Specifically, as explained, the cybercriminals managed to log in to fewer than 400 of the 576,000 affected accounts. In those cases, the malicious actors used the payment method stored in the accounts to make unauthorized purchases of streaming service subscriptions as well as Roku hardware products.
Even so, the company has stressed that the attackers “did not have access to any confidential information”; that is, they could not access full credit card numbers, dates of birth or other types of personal information.
TWO-FACTOR AUTHENTICATION
Roku has launched a series of specific controls and measures to “detect and deter” future credential stuffing incidents. First, the company has reset the passwords of all affected accounts and notified customers about the incident.
It has also refunded the charges on those accounts where malicious actors were identified as having made unauthorized purchases, while reassuring customers that the cybercriminals were not able to access sensitive information.
Finally, Roku has announced that, as a preventive measure, it has enabled two-factor authentication for all accounts on the platform, including those not affected by these attacks, which “adds an additional step to the login process.”
With 2FA enabled, users who log in to their Roku account online receive a verification link at the email address associated with the account and must click that link to confirm their identity before they can access the account.
OTHER MEASURES TO PROTECT THE ACCOUNT
Likewise, the company has shared some instructions so that users can add more protection to their accounts. These measures are based on using strong and unique passwords for each account, making it more difficult for cybercriminals to gain unauthorized access.
In this context, Roku has recalled that a strong password is one that uses a combination of at least eight characters, including numbers, symbols, and upper- and lower-case letters.
Users should be alert to any suspicious communication that appears to come from the company but may actually be an attempted cyber attack. In such cases, users are often asked to update their payment details, share their username and password, or click on suspicious links.
Finally, Roku has pointed out the importance of users staying informed, whether through blog posts or email. It also recommends that users periodically log in to their account to review account charges.