Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.
The company said the attackers used login information stolen from other online platforms to breach as many active Roku accounts as possible in credential stuffing attacks.
In such attacks, the threat actors leverage automated tools to attempt millions of logins using a list of user/password pairs, with this technique being particularly effective against accounts whose owners have reused the same login information across multiple platforms.
"After concluding our investigation of [the] first incident, we [..] continued to monitor account activity closely [and] we identified a second incident, which impacted approximately 576,000 additional accounts,"
Roku said on Friday.
"There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident."
"In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information."
As BleepingComputer
reported in March, threat actors are using credential stuffing attacks with Open Bullet 2 or SilverBullet cracking tools to compromise Roku accounts, which are then sold for as little as 50 cents on illegal marketplaces.
