Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

April 15, 2024 at 04:19PM Roku is enforcing mandatory two-factor authentication for all users following two incidents where customer accounts were compromised. Approximately 591,000 customers were affected, with 400 having their accounts used for unauthorized purchases. The breach did not expose sensitive financial or personal information, and Roku has reset passwords for the affected accounts. … Read more

Roku makes 2FA mandatory for all after nearly 600K accounts pwned

April 15, 2024 at 11:40AM Roku is requiring 2FA for all accounts after attackers accessed around 591,000 customer accounts through credential stuffing attacks. Users affected by the compromise have been reimbursed, and no sensitive information was accessed. Roku emphasized the need for unique passwords and vigilant monitoring of suspicious activity. All users are encouraged to … Read more

Roku warns 576,000 accounts hacked in new credential stuffing attacks

April 12, 2024 at 11:06AM Roku disclosed two separate incidents of account breaches in March, with approximately 576,000 accounts compromised in the latest attack. Threat actors utilized stolen login information from other platforms to execute credential stuffing attacks. While some accounts were used for unauthorized purchases, Roku confirmed no sensitive information was accessed. Additionally, the … Read more