Roku said Friday that accounts of more more than half a million customers were accessed by hackers.
The data breach is the second incident of its kind reported by the TV streaming service this year.
Both breaches were the result of a tactic known as “credential stuffing,” Roku said in a news blog post
“This method exploits the practice of individuals reusing the same login credentials across multiple services,” Roku said, adding that its security team concluded that Roku was not the source of the stolen credentials.
Roku said approximately 576,000 accounts were accessed in this months customer data breach.
In less than 400 cases, Roku said the hackers made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in those accounts.
But the hackers were not able to gain access to any sensitive information, including full credit card numbers or other full payment information, Roku said.
This the second time this year Roku was hacked. Last month the hackers gained access to more the 15,000 accounts using the customers login credentials. The customers were notified to change their login passwords.
Roku said they are going to start requiring two-factor authentication to login (normally a set of 6 numbers sent to the customer’s phone or email) for all accounts.