April 15, 2024 at 04:19PM
Roku is enforcing mandatory two-factor authentication for all users following two incidents where customer accounts were compromised. Approximately 591,000 customers were affected, with 400 having their accounts used for unauthorized purchases. The breach did not expose sensitive financial or personal information, and Roku has reset passwords for the affected accounts.
Key takeaways from the meeting notes:
1. Roku experienced two separate incidents of customer accounts being compromised.
2. A total of 591,000 customers were affected: 15,363 in the first instance and approximately 576,000 in the second instance.
3. Approximately 400 customers had unauthorized purchases made using their financial credentials but have since been reimbursed by Roku.
4. No sensitive financial information, such as full credit card numbers, Social Security numbers, or dates of birth, was accessed by the threat actors.
5. Roku believes the attack occurred through credential stuffing and has reset passwords for affected accounts.
6. Roku is now mandating two-factor authentication (2FA) for all its users, with a verification link being sent to the associated email address during login.
Let me know if you need any further assistance or information!