Roku Implements Mandatory 2FA After Nearly 600K Accounts Compromised in Cyberattacks

The streaming company has reset passwords and refunded unauthorized transactions, ensuring no sensitive financial information was accessed.

Nearly 600,000 Roku accounts were compromised in two separate incidents, with the larger breach affecting 576,000 accounts.
The breaches were attributed to credential stuffing attacks, where attackers used stolen login information from other sources.
Roku has implemented mandatory two-factor authentication (2FA) for all accounts to enhance security.
Fewer than 400 of the compromised accounts had unauthorized transactions, but all affected users have been reimbursed.
Roku assures no sensitive financial data like full credit card numbers were accessed during the attacks.