Advertisement
Australia markets closed
  • ALL ORDS

    8,039.90
    +27.80 (+0.35%)
     
  • ASX 200

    7,796.00
    +26.60 (+0.34%)
     
  • AUD/USD

    0.6641
    -0.0018 (-0.27%)
     
  • OIL

    80.48
    -0.81 (-1.00%)
     
  • GOLD

    2,333.70
    -35.30 (-1.49%)
     
  • Bitcoin AUD

    95,596.05
    -1,980.88 (-2.03%)
     
  • CMC Crypto 200

    1,338.35
    -21.97 (-1.62%)
     
  • AUD/EUR

    0.6209
    -0.0008 (-0.13%)
     
  • AUD/NZD

    1.0853
    -0.0020 (-0.18%)
     
  • NZX 50

    11,682.39
    -89.42 (-0.76%)
     
  • NASDAQ

    19,698.99
    -53.31 (-0.27%)
     
  • FTSE

    8,237.72
    -34.74 (-0.42%)
     
  • Dow Jones

    39,120.38
    -14.38 (-0.04%)
     
  • DAX

    18,163.52
    -90.66 (-0.50%)
     
  • Hang Seng

    18,028.52
    -306.80 (-1.67%)
     
  • NIKKEI 225

    38,596.47
    -36.55 (-0.09%)
     
Engadget
Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Roku suffered another data breach, this time affecting 576,000 accounts

The company is switching on two-factor authentication for all users after a credential stuffing attack.

Will Lipman Photography for Engadget

Roku has disclosed a second data breach in as many months. While it was looking into a previous incident in which 15,000 accounts were affected, the company learned that another 576,000 accounts had been compromised.

In both incidents, Roku believes that the attackers used a method called credential stuffing. "It is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials," the company says.

Roku added that, in fewer than 400 cases, attackers used victims' Roku accounts to buy streaming subscriptions and Roku devices using stored payment methods. However, the hackers did not gain access to full credit card numbers or other payment information.

ADVERTISEMENT

The company has reset the passwords for all affected accounts and informed users who have been impacted. The company is also turning on two-factor authentication for its more than 80 million active accounts. The next time you log in, you'll get a verification email. You'll need to click a link in the email before you can access your account. Meanwhile, Roku says it's refunding or reversing charges in the cases where the hackers bought subscriptions or hardware.

While the impact of this latest breach doesn't seem too disastrous, it's a good reminder that you should have a strong, unique password for every single one of your accounts. A password manager makes it much easier to have robust login credentials, as you'll only need to remember one main password or log in using biometric data.