Roku, a streaming video provider, alerted users on Friday to a security breach affecting 576,000 accounts. The breach was found during an examination into a much smaller-scale incursion that Roku had to deal with in March. Roku explained that the hackers had used a technique known as “credential-stuffing,” in which they attempted credentials for users that had been released elsewhere, in order to get access to accounts where users had reused those passwords, instead of actually breaking into Roku’s own network through a security flaw. Less than 400 instances, according to the business, involved hackers really using their access to make transactions using the identities they had stolen. Nevertheless, the business changed all user passwords and added two-factor authentication to each account.
