Roku Enforces Mandatory 2FA After Credential Stuffing Attacks Impact 591K Accounts

April 16, 2024
Roku Enforces Mandatory 2FA After Credential Stuffing Attacks Impact 591K Accounts
  • Roku has implemented mandatory two-factor authentication for all 80 million users following two credential stuffing attacks.

  • The attacks compromised around 591,000 Roku customer accounts, leading to unauthorized purchases in fewer than 400 instances.

  • Attackers used known credentials and common passwords, suggesting the data may have originated from breaches of other services.

  • Roku's internal systems remain secure; no breach occurred within the company's infrastructure.

  • Mandatory password resets have been issued for all affected accounts.

  • Roku advises customers to create strong, unique passwords and to monitor their accounts for any unusual activity.

Summary based on 4 sources


Get a daily email with more Tech stories

Related Stories