Roku Enforces Mandatory 2FA After Credential Stuffing Attacks Impact 591K Accounts

April 16, 2024
Roku Enforces Mandatory 2FA After Credential Stuffing Attacks Impact 591K Accounts
Tech
Tech
Cybersecurity
Cybersecurity

  • Roku has implemented mandatory two-factor authentication for all 80 million users following two credential stuffing attacks.

  • The attacks compromised around 591,000 Roku customer accounts, leading to unauthorized purchases in fewer than 400 instances.

  • Attackers used known credentials and common passwords, suggesting the data may have originated from breaches of other services.

  • Roku's internal systems remain secure; no breach occurred within the company's infrastructure.

  • Mandatory password resets have been issued for all affected accounts.

  • Roku advises customers to create strong, unique passwords and to monitor their accounts for any unusual activity.

Summary based on 4 sources

Get a daily email with more Tech stories

Sources

Roku makes 2FA mandatory for all after nearly 600K accounts pwned

The Register • Apr 15, 2024

Roku makes 2FA mandatory for all after nearly 600K accounts pwned
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

Dark Reading • Apr 15, 2024

Roku Mandates 2FA for Customers After Credential-Stuffing Compromise
Roku: Credential Stuffing Attacks Affect 591,000 Accounts

Security Boulevard • Apr 15, 2024

Roku: Credential Stuffing Attacks Affect 591,000 Accounts
Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned - Slashdot

Slashdot • Apr 15, 2024

Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned - Slashdot

More Stories