Roku hit with another cyberattack, exposing 576,000 accounts' data

Last month, the company announced more than 15,000 accounts had been impacted by a first breach that included fraudulent purchases in some cases.

Roku has been hit by another cyberattack, this time affecting nearly 40 times more accounts than did a similar incident earlier this year. 

The streaming company said Friday that it had identified a second security breach involving 576,000 customers as it was monitoring account activity after the first cyberattack, which affected 15,363 accounts.

In both incidents, Roku said hackers used a tactic known as "credential stuffing," meaning the unauthorized actors took username and password combinations leaked in other breaches to attempt to log into Roku's platform. This method targets those who use the same login information on multiple platforms, so it wasn't an attack on or within the Roku system itself.

"There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," the company said in a statement.

In fewer than 400 cases of breached accounts, hackers used stored payment information to purchase streaming service subscriptions and Roku hardware products, but the company said sensitive information like full credit card numbers was not accessed.