Roku Mandates 2FA for Customers After Credential-Stuffing Compromise

  /     /     /  
Publicated : 23/11/2024   Category : security


Roku Mandates 2FA for Customers After Credential-Stuffing Compromise


Roku assures customers that no financial information was stolen and that any purchases made through user accounts have been reimbursed.



Roku is now making
two-factor authentication
(2FA) mandatory for its users after two separate incidents in which customer accounts were compromised.
Roughly 591,000 customers were affected earlier this year — the first instance, limited to 15,363 accounts, prompted Roku to keep a closer watch on customer account activity, which led to discovery of another incident affecting around 576,000 accounts. 
For around 400 customers, their accounts were reportedly used to purchase streaming subscriptions and Roku hardware using financial credentials stored in their accounts. These customers have been reimbursed for these charges, according to Roku, and the threat actors were not able to glean any sensitive financial information such as full credit card numbers. Social Security numbers, dates of birth, and other information also were not accessed, according to the data breach notice letter sent out. 
Roku stated in its blog post that it believes the attack occurred through the use of
credential stuffing
and said it has reset the passwords for affected accounts, in addition to mandating 2FA for all its users. 
According to Rokus
blog post
, The next time you attempt to log in to your Roku account online, a verification link will be sent to the email address associated with your account, and you will need to click the link in the email before you can access the account.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise