Forum Discussion

lvalpl
Newbie
2 years ago

Did anyone hear of the Roku Hack

Did anyone get a message from Roku? I saw it on Tom's Guide; nothing from Roku. It was all your information, including cc, passwords. So disappointed. Why can't these big companies figure out how to keep our information safe? Spend more time fixing their errors.

44 Replies

  • From what I’ve read, this hack was to get passwords from one place and then try them at other places.  The underlying reason it works is because some people still use the same password at many places.  If you’re not one of those, you should be safe from this one. 

    • andyross
      Roku Guru

      When I tried to log into the community today, my password did not work. I had to use the reset password feature to log in. Are they forcing everyone to change their password?

      • thetick
        Roku Guru

        Probably not. Most likely your account triggered an automatic password reset due to the maximum number of failed attempts. This is both a good thing and a bad thing.

        GOOD: It likely shows your account was not breached in the known published breach.

        BAD: It means an email/password combination you have likely used at a different site has been compromised.

        You should make sure ALL your passwords are different for every site/app; otherwise you are very vulnerable using the same password at many sites.
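Credential stuffing as described earlier in the thread (an email/password pair leaked from one site and tried at many others) leaves a different footprint in an authentication log than the repeated failures against one account that trigger the automatic password reset thetick describes: a stuffing run typically makes one attempt per account across many accounts, so no single account trips the lockout. The following is an added example, not code from this thread or from Roku: a small Python triage over constructed log lines that flags a source address trying many distinct accounts in a short window and lists which of those logins succeeded (the reused credentials that need a forced reset), and separately applies the per-account lockout rule. The log format, thresholds and IP addresses are assumptions chosen for illustration.

```python
"""Credential-stuffing triage over authentication log lines.

Added example, not code from the Roku community thread or from Roku.
The log format, thresholds and IP addresses are assumptions for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: "<UTC timestamp> <source_ip> <account> <OK|FAIL>".
# 203.0.113.7 sprays one guess per account (a stuffing run; two guesses land),
# 198.51.100.9 hammers a single account and trips the per-account lockout.
SAMPLE_LOG = """\
2024-03-10T01:00:01Z 203.0.113.7 alice@example.com FAIL
2024-03-10T01:00:02Z 203.0.113.7 bob@example.com FAIL
2024-03-10T01:00:03Z 203.0.113.7 carol@example.com OK
2024-03-10T01:00:04Z 203.0.113.7 dave@example.com FAIL
2024-03-10T01:00:05Z 203.0.113.7 erin@example.com FAIL
2024-03-10T01:00:06Z 203.0.113.7 frank@example.com OK
2024-03-10T01:00:07Z 203.0.113.7 grace@example.com FAIL
2024-03-10T01:00:08Z 203.0.113.7 heidi@example.com FAIL
2024-03-10T01:00:09Z 203.0.113.7 ivan@example.com FAIL
2024-03-10T01:00:10Z 203.0.113.7 judy@example.com FAIL
2024-03-10T01:00:11Z 203.0.113.7 ken@example.com FAIL
2024-03-10T01:05:00Z 198.51.100.9 alice@example.com FAIL
2024-03-10T01:05:20Z 198.51.100.9 alice@example.com FAIL
2024-03-10T01:05:40Z 198.51.100.9 alice@example.com FAIL
2024-03-10T01:06:00Z 198.51.100.9 alice@example.com FAIL
2024-03-10T01:06:20Z 198.51.100.9 alice@example.com FAIL
2024-03-10T02:00:00Z 192.0.2.50 mallory@example.com OK
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    ip: str
    account: str
    ok: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one space-separated log line into an AuthEvent."""
    ts, ip, account, result = line.split()
    return AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result == "OK")


def parse_log(text: str) -> list[AuthEvent]:
    """Parse all non-empty lines, sorted by time so the sliding windows below work."""
    events = [parse_line(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e.ts)


def find_stuffing_sources(events, window=timedelta(minutes=10), min_accounts=10):
    """Flag source IPs that try at least `min_accounts` distinct accounts within `window`.

    Returns {ip: {"distinct_accounts": n, "successful_logins": [accounts]}}; the
    successful logins are the reused credentials that worked and need a forced reset.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        in_window = Counter()  # account -> attempts currently inside the window
        left = 0
        for right, e in enumerate(evs):
            in_window[e.account] += 1
            while e.ts - evs[left].ts > window:  # slide the window's left edge forward
                old = evs[left].account
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_accounts:
                hits = sorted({x.account for x in evs[left:right + 1] if x.ok})
                flagged[ip] = {"distinct_accounts": len(in_window), "successful_logins": hits}
    return flagged


def accounts_to_lock(events, window=timedelta(minutes=5), max_fails=5):
    """Per-account rule: `max_fails` failures within `window` trigger an automatic reset."""
    fails = defaultdict(list)
    for e in events:
        if not e.ok:
            fails[e.account].append(e.ts)
    locked = set()
    for account, times in fails.items():
        left = 0
        for right, t in enumerate(times):
            while t - times[left] > window:
                left += 1
            if right - left + 1 >= max_fails:
                locked.add(account)
                break
    return locked


def triage(text: str) -> dict:
    """Run both rules over a log and return the combined findings."""
    events = parse_log(text)
    return {
        "stuffing_sources": find_stuffing_sources(events),
        "locked_accounts": sorted(accounts_to_lock(events)),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_LOG))
```

On the constructed input, only 203.0.113.7 is reported as a stuffing source, with carol and frank as the logins that succeeded; alice is the only account the per-account rule locks, even though her account was never successfully entered. That is exactly the GOOD/BAD split above: a lockout or forced reset means a password for that address is circulating, not that the account was breached. The two views complement each other; the per-account rule alone never sees the spray, because each account there received a single attempt.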

    • o2night
      Streaming Star

      Strega2 wrote:

      From what I’ve read, this hack was to get passwords from one place and then try them at other places.  The underlying reason it works is because some people still use the same password at many places.  If you’re not one of those, you should be safe from this one. 

      Maybe, but how many people can keep up with a different password for every single app, website or program they have? And if you think those password keepers are safe... well... enough said.

      • Strega2
        Roku Guru

        Well, if you’re convinced that a problem can’t be solved, then you’ll probably continue having the problem.  If you don’t like any of the available password managers (not even any of the open source entirely local ones that have had independent security audits?), then there are such answers as: a document on your computer, or like my 91-year-old mom: a paper notebook.

        You can also do hybrid things.  Like a password manager has a bunch of random passwords.  But you also have a rule in your head such as: after pasting the password from my manager, I add [whatever].  Even if the [whatever] is constant, the random stuff in front of it should keep you safe. 

  • After agreeing to the new terms and conditions that were mandatory to make the device function, the local news reported that over 15 thousand Roku accounts were accessed and customer data, such as credit card details, is being sold. As I only subscribe to free services, I always felt that providing a credit card was odd, but now that we know that data is not secure, how do we proceed?

    • andyross
      Roku Guru

      From the reports, these hackers used credentials from another hack. Basically, if you use the same email and password on multiple sites/services, one hack can result in you getting hit in multiple places.

      • Strega2
        Roku Guru

        Yes, so if you’ve used the same username/password at other sites, make sure to change those.  Since you think it’s odd that Roku has your credit card, you can remove it if you wish.  They encourage you to have one on file but don’t require it.

        Did Roku reset your password?  If not, then you are probably not one of the roughly 0.02% who were affected.  Still, you might as well take this as an opportunity to make sure passwords aren’t being shared and maybe change passwords that are fairly simple, etc.

    • VAR
      Roku Guru

      Heard the same. Also I read on the internet claims that Roku should send a notification to those whose information was stolen.

      I agree there should be better safeguards.

      Has anyone been notified yet?

      • dvarga
        Reel Rookie

        I called them yesterday. It was no small feat, as they make it almost impossible to talk to a person there. They claimed that if anyone was part of the group (15K or 50K…?) that was hacked, Roku sent out an email to them, notifying them. I was not notified. Roku said that as a precaution they also then changed all Roku users' passwords, such as what I found with my account. Then I reset it. I confirmed they did not have my credit card number.

  • How am I to talk to a real Roku customer representative?

    • dvarga
      Reel Rookie

      Not through their website. Have to query online for ‘Roku customer service’. I don’t have their number any more or I’d share it.

      And you’d think on their site they would have made an announcement of this issue, and/or sent an email blast to all customers about it.

      • VAR
        Roku Guru

        I agree

        ROKU should have announced the hacking and advised us of the extent

  • atc98092
    Community Streaming Expert

    Yes, already posted here on the community. It amounted to maybe 50,000 user accounts. Considering Roku has millions of users, it was a very small percentage of accounts that were hacked. It's a very good reason to not keep a credit card stored in your user account. 

    • lvalpl
      Newbie

      Thanks. Why did they not advise us? Sure get enough emails from them. No cc, and now have to worry about passwords. I have 5 Roku devices. Have a good evening.

      • atc98092
        Community Streaming Expert

        If your account wasn't hacked, they had no reason to notify you. I would take the non-notification as a strong likelihood your account is fine. 

    • o2night
      Streaming Star

      atc98092 wrote:

      Yes, already posted here on the community. It amounted to maybe 50,000 user accounts. Considering Roku has millions of users, it was a very small percentage of accounts that were hacked. It's a very good reason to not keep a credit card stored in your user account. 

      Doesn't matter how many. Even one is too many. And we heard it from an outside source. This, along with the bricked televisions from a forced arbitration, is enough to know they can't be trusted.

    • Anonymous

      HOW TO GEEK is a long-time email subscription that is reporting:

      "Roku will enforce mandatory two-factor authentication (2FA) on all accounts following security breaches that affected approximately 591,000 user accounts earlier this year. The breaches apparently occurred in two separate incidents, with the first impacting 15,363 accounts and prompting closer monitoring of account activity in March. The company then discovered a much bigger breach affecting about 576,000 accounts. Less than 1% of all Roku accounts were affected by the breach, but due to the massive scale of Roku's installation base, that's still a lot of people."

      THEY'RE ADVISING ALL ROKU ACCOUNTS TO CHANGE PW IMMED.

      • atc98092
        Community Streaming Expert

        Anonymous, all true, but missing one critical detail. The breaches did not happen on Roku servers. The breaches occurred on other sites, which did provide the thieves with stolen login credentials to that specific site. The issue is people often use the same user credentials on different sites, and that's what happened at Roku. The credentials stolen from other sites would work on the Roku site. Roku themselves did not lose any personal information, such as complete credit card info. By implementing 2FA, even if they have the correct credentials they cannot successfully log into the Roku account, since they would also have to have access to the stolen email account.

  • I have a free Roku acct, just use the box to stream Netflix and Amazon Prime Video. I just heard of the HACK. I tried to log in but it had a new password assigned. So I changed the password via their utility that sends the reset link.

    Question, am I vulnerable in any way with the Netflix and Amazon Prime streaming through the Roku? Would the hacker have access to those two accts of mine?

    Thanks in advance!

    Dave

    Montclair, NJ

    • atc98092
      Community Streaming Expert

      dvarga wrote:

      I have a free Roku acct, just use the box to stream Netflix and Amazon Prime Video. I just heard of the HACK. I tried to log in but it had a new password assigned. So I changed the password via their utility that sends the reset link.

      Question, am I vulnerable in any way with the Netflix and Amazon Prime streaming through the Roku? Would the hacker have access to those two accts of mine?

      First, your account did not get hacked. Roku decided to mandate a password update as a precaution. If you had never received an email telling you your password had been changed, then no one had changed it. I received such an email after I changed it, but never before.

      Your Netflix and Prime account passwords are not saved within your Roku account to the best of my knowledge. So even if your Roku account had been hacked that information would be safe. And my guess is even if Roku has passwords for any of your accounts (they do store a few) they would all be encrypted and of little use to a hacker. I'm not saying the encryption couldn't be hacked, but usually not worth the time and effort to the hacker. 

  • So Roku's recent data breach of over 15,000 users with their credit card information stored on Roku was compromised - therefore, there is indeed a "risk" which you so casually cast aside. If Roku requires CC information, at least require 2-factor authentication for increased security, but guess what? There is no 2FA available and nothing indicates that there will be any 2FA in the near future.

    • renojim
      Community Streaming Expert

      As far as I can tell from reading various articles (some of which are sensationalism at its worst), credit card information wasn't actually stolen.  People signed into accounts using a username and password the user used elsewhere (very, very bad practice) and then ordered subscriptions and Roku products.  They didn't actually get any credit card number. If anyone has different information or more details I'd like to hear it. 

      I don't consider this a hack of Roku's system - just ignorant users getting burned.  And 15 thousand out of millions upon millions of accounts is hardly a "massive breach".  🙄

      • edroksense
        Roku Guru

        Today, Mar 14, on the Yahoo website and on Google on my Android cell phone, it shows that Roku's website was hacked, 50,000 accounts only out of millions, and for sale at a site for .50 cents per account.

        Luckily I did not use my credit card, only the antenna and live Roku, and the Roku 3 player is still working well.

        Roku did not ask holders to change passwords or take any sort of precautions... they leave it as is...

    • Strega2
      Roku Guru

      Roku doesn’t actually require a credit card, so if you don’t trust their security, then I would suggest you remove your CC information. 

    • atc98092
      Community Streaming Expert

      StopTheFomo wrote:

      So Roku's recent data breach of over 15,000 users with their credit card information stored on Roku was compromised - therefore, there is indeed a "risk" which you so casually cast aside. If Roku requires CC information, at least require 2-factor authentication for increased security, but guess what? There is no 2FA available and nothing indicates that there will be any 2FA in the near future.

      I don't cast it aside casually, but consider how many millions of Roku user accounts there are, and a breach of 15,000 is well under 1% of the total. It's not nothing to the ones that were breached, but an extremely small number. Roku does not require CC information, other than to initially set up a user account (I really wish they would simply stop requiring that). Once the account is created, the CC can be removed with no impact on using the device, other than not being able to purchase anything directly through Roku (which I don't do anyway). I agree that 2FA should be implemented on anything that stores personal financial information.

      • Strega2
        Roku Guru

        I just created an account at:

        https://my.roku.com/signup/nocc

        and wasn't asked for a payment method. That's the way I originally signed up for Roku around 2016, based on searching for: roku sign up no credit card

  • I was hacked and it didn't take but 5 days for my bank account to be wiped out.