Fast Facts
- On April 12, Roku announced a security breach
- The hack affected 576,000 customers, some of which had their credit card info stolen
- Roku has enabled two-factor authentication on all customer accounts
Roku (ROKU) is having a rocky year when it comes to keeping customer data safe.
The streaming business announced a security breach on Friday, April 12, saying that 576,000 customer accounts were affected. The prior breach, which was announced March 12, affected 15,363 customers and involved credit card, password, and username information being stolen.
Related: Roku is planning a change users won't like
According to the statement Roku released, "In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information."
Roku has responded to this new breach by emailing customers, resetting the passwords for all affected accounts, refunding or reversing charges unauthorized actors have made using stolen credit card information, and enabling two-factor authentication for all customers, even those who were not affected by the incident.
Here's the email Roku is sending to users that were hacked.
— Rich DeMuro (@richontech) April 12, 2024
It comes from <roku@emails.roku.com> if you want to search your inbox
The hack happened between March 4-9, 2024, and bad actors used stolen logins from another source (one more reason not to reuse passwords!)
They got… pic.twitter.com/iwsiFSP9zK
“[W]e sincerely regret that these incidents occurred and any disruption they may have caused,” the company said. “Your account security is a top priority, and we are committed to protecting your Roku account.”
Roku stock has yet to recover from the nosedive it took in Feb. after warning investors the streaming business was facing a "challenging year," going from $94.50 a share to $60.63 as of the time of this writing.
While customers may be feeling uneasy after the two cyberattacks, Roku did at least confirm to TheStreet yesterday that the patent it filed last year to potentially run ads on anything plugged into its Roku TVs HDMI ports was not going forward "at this time," saying, "Like the patents of many other technology companies, Roku patent applications often describe technologies explored by teams at Roku and many of these technologies do not become part of the products we sell."
Related: Veteran fund manager picks favorite stocks for 2024