Nearly 600,000 Roku Accounts Affected by Company’s Latest Security Breach; Streamer Changes Impacted Passwords
Just weeks after news of a data breach affecting thousands of Roku customers circulated, there’s a new security issue for users to be aware of.
Roku’s public relations team isn’t going to have a very relaxing weekend. A new report from Variety indicates that the smart TV and streaming device manufacturer is contending with a new invasion of customer privacy, one that affects more than a half million customers. It’s just the latest security issue from Roku and one that will make the company all the more glad it recently updated its terms of service to further protect itself from legal repercussions.
- Roku says 576,000 user accounts were affected by its latest data breach.
- The company told its users that in less than 400 cases, thieves made unauthorized purchases of streaming subscriptions or Roku hardware.
- The news of the breach comes just a month after Roku informed customers that 15,000 other accounts had been hacked.
Though hackers got access to over 576,000 Roku accounts in the company’s latest security breakdown, less than 400 accounts were actually used to make illicit purchases. These accounts saw their stored payment information used to purchase streaming subscriptions through Roku’s platform or to buy Roku hardware. The company says that hackers were not able to see full credit card numbers or other sensitive personal information.
Roku has reset passwords for the affected accounts, and those users whose information has been breached are being notified directly by the company. If you own a Roku device, make sure to keep an eye on your email. Two-factor authentication is now being enabled for all Roku accounts, and customers will be prompted to click a verification link sent to the email address associated with their Roku device the next time they try to sign in.
“While the overall number of affected accounts represents a small fraction of Roku’s more than 80 million active accounts, we are implementing a number of controls and countermeasures to detect and deter future credential stuffing incidents,” Roku said.
How Are Hackers Continuing to Attack Roku?
As connected TV technology evolves, so too do methods of thieves to try to steal customer information or money. Last year, the Better Business Bureau began warning consumers of a new scam strategy from malicious actors trying to con viewers into paying bogus fees to reactivate streaming accounts on smart TVs or other devices.
Roku denies any wrongdoing in the new data breach. Its explanation is that login credentials for affected accounts were stolen from a third party, and when thieves realized that users had copied usernames and passwords for their Roku accounts they were able to gain access to those accounts. It’s essentially the same explanation the company gave in March when a data breach affecting 15,000 customers was uncovered.
News of the first attack on Roku circulated just days after the company updated its terms of service to place another layer of protection between it and customer-driven litigation. Roku’s user agreement prevents its customers from initiating or joining lawsuits against the company, and the update to that agreement compels Roku owners with litigious intent to settle their disputes with company lawyers instead of pursuing other avenues.
It’s a certainty that Roku would rather have spent the upcoming weekend promoting its new line of smart TVs, which are coming to consumers soon. Now, it’s forced to do damage control after news of yet another data breach affecting thousands of its device owners.
Roku Channel
The Roku Channel is a free live TV streaming service that provides 350+ live linear streaming channels and more than 80,000 free movies and TV shows. The library contains entertainment from several different decades, including some major hits.