Roku suffered another data breach, this time affecting 576,000 accounts

The company is switching on two-factor authentication for all users after a credential stuffing attack.

Will Lipman Photography for Engadget

Roku has disclosed a second data breach in as many months. While it was looking into a previous incident in which 15,000 accounts were affected, the company learned that another 576,000 accounts had been compromised.

In both incidents, Roku believes that the attackers used a method called credential stuffing. "It is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials," the company says.

Roku added that, in fewer than 400 cases, attackers used victims' Roku accounts to buy streaming subscriptions and Roku devices using stored payment methods. However, the hackers did not gain access to full credit card numbers or other payment information.

The company has reset the passwords for all affected accounts and informed users who have been impacted. The company is also turning on two-factor authentication for its more than 80 million active accounts. The next time you log in, you'll get a verification email. You'll need to click a link in the email before you can access your account. Meanwhile, Roku says it's refunding or reversing charges in the cases where the hackers bought subscriptions or hardware.

While the impact of this latest breach doesn't seem too disastrous, it's a good reminder that you should have a strong, unique password for every single one of your accounts. A password manager makes it much easier to have robust login credentials, as you'll only need to remember one main password or log in using biometric data.

This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.