Following a data breach earlier this year affecting 15,000 user accounts, Roku has revealed a much larger security episode.
In a blog post Friday, the streaming giant said 576,000 user accounts had been affected in the second breach. Roku noted that its investigation had found that it was not responsible for the breach, which it said occurred via third-party websites.
The company, which has more than 80 million active accounts, said its systems were not compromised. “We sincerely regret that these incidents occurred and any disruption they may have caused,” the company said.
In fewer than 400 cases, Roku wrote in the post, “malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.” As a protective measure, Roku said it has implemented two-factor authentication for all Roku accounts, even for those that have not been impacted by these recent incidents.
Read more on deadline.com