Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Following a recent data breach, Roku has now revealed that it has discovered even more compromised accounts online and this time around, with over half a million users are affected.
Last month, the streaming giant announced that as many as 15,000+ customers could have had their passwords, usernames and credit card information stolen by hackers. To make matters worse, the hackers responsible then used these stolen credentials to buy access to other streaming platforms as well streaming gear from Roku’s website. From there, they then went on to sell the stolen Roku accounts they acquired for $0.50 a pop on the dark web.
Now though, Roku has provided new information on how it identified a second incident in which approximately 576,00 additional accounts were also compromised. Here’s everything you need to know along with some helpful tips on how you can keep your own Roku account safe from hackers.
Proactive instead of reactive
With major data breaches and other security incidents, most companies tend to only take action once their brand or customers are at risk. However, Roku took a different approach following its recent security incident.
While investigating last month’s security incident, the company discovered another similar occurrence in which 500k+ additional accounts were compromised by hackers. Just like with the first one, Roku’s investigation showed that there was “no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident.”
Instead, the credentials used in both attacks were likely taken from another source, perhaps from a previous data breach or even a data leak. Roku thinks that once again, password reuse is to blame. As for the hackers responsible for this second security incident, they also used their newly acquired Roku accounts to make unauthorized purchases of streaming services and streaming hardware.
Fortunately though, they didn't gain access to any sensitive financial information like full credit card numbers from these stolen accounts.
How to keep your Roku account safe from hackers
If you’re a Roku user like myself, the news of what seems to be two back-to-back security incidents might have you concerned about your own account. Good thing there are some easy steps and precautions you can take right now to protect your Roku account.
The company has already reset the password for all of the affected accounts and it has also begun notifying customers directly about this incident. Likewise, Roku is refunding or reversing any charges made to a small number of accounts by unauthorized hackers.
At the same time, the company has enabled two-factor authentication (2FA) for all Roku accounts, including those that aren’t affected by this incident. As such, the next time you log into your account you will need to find a verification link in your email before you can access it.
If you’re still concerned about your Roku account though, you’re going to want to make sure that you are using a strong and unique password for it. While you can come up with one on your own or use a free password generator online to make one, all of the best password managers include this functionality plus they let you safely and securely store all of your passwords in one place.
Even though Roku has taken plenty of action on its end, you still want to carefully check your account as well as your bank statements for any suspicious activity. There could also be a chance that the hackers responsible try to use the information they’ve stolen to launch targeted phishing attacks. For this reason, you want to be very careful when opening or interacting with any emails purporting to come from Roku. Make sure to check the sender’s address to see if it’s genuine or not and you also want to avoid clicking on any links or downloading any attachments emails claiming to come from Roku may contain.
We’ll likely hear more about this incident from Roku once it completes its second investigation. In the meantime, though, stay vigilant online and contact Roku’s customer support department directly if you’re worried about whether or not an email from the company is legitimate.
More from Tom's Guide
