In an update shared recently, Roku has announced that all customer accounts will be forced to use two-factor authentication following a couple of massive security breaches.
Over the past few weeks alone, Roku has gone through not one, but two major breaches in security. And these haven’t been simple exploits, as customer account data was breached in both instances.
In March, 15,000 Roku accounts were breached with the hackers selling the accounts online, as reported by Bleeping Computer. This included the ability for hackers to use stored credit card details to start new subscriptions to various streaming services. The most sensitive customer data, including social security and birth dates, were not breached.
Roku then disclosed that, beyond that, another security breach exposed customer data for 576,000 accounts.
Sensitive data was again not breached, but the method in which hackers gained access was through credential stuffing, which effectively just re-uses credentials obtained in other data breaches to attempt to gain access if a user has the same username and password across multiple accounts. All affected accounts have already been forced to change their password.
With that in mind, Roku has now turned on two-factor authentication for all user accounts. This change takes effect immediately, with users being prompted to set up 2FA through an email.
Roku details how to use two-factor authentication on a support page.
More on Roku:
Follow Ben: Twitter/X, Threads, and Instagram
FTC: We use income earning auto affiliate links. More.