Roku Enforces Mandatory 2FA After Credential Stuffing Attacks Impact 591K Accounts
April 15, 2024
Roku has implemented mandatory two-factor authentication for all 80 million users following two credential stuffing attacks.
The attacks compromised around 591,000 Roku customer accounts, leading to unauthorized purchases in fewer than 400 instances.
Attackers used known credentials and common passwords, suggesting the data may have originated from breaches of other services.
Roku's internal systems remain secure; no breach occurred within the company's infrastructure.
Mandatory password resets have been issued for all affected accounts.
Roku advises customers to create strong, unique passwords and to monitor their accounts for any unusual activity.
Summary based on 4 sources
Sources

The Register • Apr 15, 2024
Roku makes 2FA mandatory for all after nearly 600K accounts pwned
Dark Reading • Apr 15, 2024
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise
Security Boulevard • Apr 15, 2024
Roku: Credential Stuffing Attacks Affect 591,000 Accounts
Slashdot • Apr 15, 2024
Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned