Roku $ROKU, the maker of SmartTV and streaming devices, said Friday that about 576,000 user accounts were compromised in the second cyberattack to hit the company this year.
A new breach of 576,000 accounts followed an attack in which about 15,000 were compromised earlier this year

Roku $ROKU, the maker of SmartTV and streaming devices, said Friday that about 576,000 user accounts were compromised in the second cyberattack to hit the company this year.
The company said in a blog post that it detected the new breach while it closely monitored user activity after a different attack breached 15,000 accounts earlier this year.
Roku believes that in both cases, hackers accessed users’ login credentials via a method called “credential stuffing.” The practice is a type of automated cyberattack in which hackers use stolen usernames and passwords from one platform to try to login to other platforms. The method puts people who use the the same credentials for multiple services at most risk.
“We concluded at the time that no data security compromise occurred within our systems, and that Roku was not the source of the account credentials used in these attacks,” the company said. “Rather, it is likely that login credentials used in these attacks were taken from another source.
There were less than 400 cases in which the hackers actually used the stolen login credentials to make unauthorized purchases of streaming service subscriptions and Roku devices with payment methods saved on those accounts. Roku said that no sensitive information, including full credit card details, were exposed in the breaches.
Join 500,000+ readers who start their day with Quartz.
By subscribing, you agree to our Terms of Service and Privacy Policy.