Streaming service provider Roku said Friday that it is investigating a breach that affected 15,000 user accounts earlier this year and has identified a second cyberattack that affected approximately 576,000 additional accounts.
The company said it has more than 80 million active accounts and the hackers did not have access to sensitive information such as full credit card numbers or other payment details.
Roku stock fell more than 2%.
However, the company says it has identified fewer than 400 cases in which this information was used to fraudulently purchase streaming service subscriptions or hardware products using payment methods stored in an account. said.
The company said it would refund or reverse charges for any accounts it determined had fraudulent purchases made as part of the attack.
Roku identified an unauthorized “credential stuffing” attack in which users may have used the same credentials across different platforms.
Meanwhile, the company has enabled two-factor authentication for all accounts to tighten security controls.
