Roku has announced that two-factor authentication is now mandatory for all customer accounts, following two significant security breaches.
In the past few weeks, Roku has experienced not one, but two serious security breaches, resulting in the compromise of customer account data. These breaches were not minor incidents; rather, they involved the unauthorized access and sale of Roku accounts, with hackers exploiting stored credit card information to initiate new subscriptions to various streaming services, as reported by Bleeping Computer. Fortunately, the most sensitive customer data, such as Social Security numbers and birth dates, remained secure.
Subsequently, Roku disclosed another security breach affecting 576,000 accounts. While sensitive data was once again safeguarded, the breach occurred due to credential stuffing, a method in which hackers reuse credentials obtained from other data breaches to gain unauthorized access. As a precautionary measure, password resets have been forced on all affected accounts.
In response to these security challenges, Roku has swiftly enacted two-factor authentication for all user accounts. This immediate change requires users to set up 2FA via email authentication.