Earlier this year we learned that Roku owners had their accounts illegally accessed and in some cases used to buy movies and TV shows or subscribe to streaming services. Last week Roku says they have found that this attack impacted 576,000 other Roku owners. Now Roku has turned on two-factor authentication for all Roku owners that make you enter a code from your email when you log in.
“After concluding our investigation of this first incident, we notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.” Roku said in a statement on their website.
The issue here is that Roku owners reuse the same username and passwords on multiple services. When those accounts are breached, attackers use that password and username to access Roku and buy movies and TV shows or subscribe to streaming services. Turning on two-factor authentication will now help address this issue even if the users reused their passwords.
“There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials. In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.” Roku said on its website.
Attacks like this are not new, as hackers often use stolen logins on multiple services to see where they have been reused. From there, they sell them to people looking for free access to paid services or, in the case of Roku, to buy hardware using the stored credit cards.
This two-factor will only affect you when you first log into your Roku. Once you do it you are all set and won’t need to do it every time you use your Roku. You can learn more about Roku’s two-factor authentication HERE.
Please follow us on Facebook and X for more news, tips, and reviews. Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.