Streaming service provider Roku said Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this yr.
The company, which had greater than 80 million energetic accounts, said the hackers didn’t gain access to any sensitive information corresponding to full bank card numbers or other payment details.
Roku’s shares were down greater than 2%.
However, the corporate said it identified lower than 400 cases where the knowledge was used to make unauthorized purchases of streaming service subscriptions and hardware products using the payment method stored within the accounts.
The company said it could refund or reverse charges for accounts where it has determined unauthorized purchases have been made as a part of the attack.
Roku pinned the unauthorized access to “credential stuffing,” where users could have used the identical credentials across different platforms.
Meanwhile, the corporate has enabled two-factor authentication for all of the accounts to beef up security controls.