Roku TV accounts hacked in second cyberattack of its kind this year
Roku said Friday that accounts of more more than half a million customers were accessed by hackers.
The data breach is the second incident of its kind reported by the TV streaming service this year.
Both breaches were the result of a tactic known as "credential stuffing," Roku said in a corporate news blog post. Credential stuffing is a type of cyberattack in which hackers obtain a username and password from a data breach on one service and then attempt to log in with the stolen credentials across multiple services.
"This method exploits the practice of individuals reusing the same login credentials across multiple services," Roku said, adding that its security team concluded that Roku was not the source of the stolen credentials.
Roku said approximately 576,000 accounts were accessed in the latest incident.
In less than 400 cases, Roku said the hackers made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in those accounts.
But the hackers were not able to gain access to any sensitive information, including full credit card numbers or other full payment information, Roku said.
RELATED: Google to delete billions of 'Incognito' browsing data after lawsuit
Last month, Roku said hackers got into the accounts of about 15,000 customers by the same method.
Customers whose accounts were affected have been notified directly by Roku, and Roku is enabling two-factor authentication for all accounts moving forward.
Roku’s total number of active accounts rose to 80 million in the fourth quarter. Those accounts accumulated 29.1 billion hours of streaming in the three-month period and contributed to the 106 billion hours watched by Roku accounts over the course of the entire year, according to the company.
This story was reported from Detroit. FOX Business contributed.