More Roku customers have been impacted by a second data breach at the company, the company announced on Friday. The streaming brand disclosed a breach affecting 576,000 user accounts, which follows another recently unearthed incident involving 15,000 accounts.
In response to the new breach, Roku has enabled two-factor authentication for all Roku accounts, according to a blog post. The company said it’s notifying impacted users and has already reset their passwords.
Roku said with both breaches, login credentials used in the attacks likely came from outside sources, such as a web account where a user employed the same credentials. The company said “there is no indication” its systems were compromised.
A small number of customers were affected by unauthorized transactions, however. In its post, Roku said, “In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.” The company is reversing or refunding the unauthorized charges.
Roku has more than 80 million active accounts and provides streaming media players, smart TVs and a streaming platform that lets customers access apps such as Netflix and Disney Plus. As part of the new two-factor authentication, users must click a verification link sent to their email the next time they try to log in to their Roku account. The company is urging users to use strong, unique passwords and to look out for suspicious communications that claim to be from Roku. (Here’s more on how to keep your passwords safe and secure.)