Forum Discussion
Heard the same. Also, I read on the internet claims that Roku should send a notification to those whose information was stolen.
I agree, there should be better safeguards.
Has anyone been notified yet?
External source https://finance.yahoo.com/video/roku-576k-accounts-hacked-second-165955992.html reports this today 04/14/2024: Roku: 576K accounts hacked in second data breach of 2024
When I entered my known credentials accurately to log in to my Roku account, authentication failed and required me to click "Forgot my password" to initiate the reset procedure.
Aside from this community forum, I have seen no disclosures to inform Roku account holders about the first hack, nor the second hack, nor the need to initiate the manual process "Forgot my password".
I agree with Roku Guru VAR there should be better safeguards. 2FA/MFA is one.
Notification to account holders is also needed whenever their account data is breached OR rendered invalid.
- atc98092, 2 years ago, Community Streaming Expert
RockOn wrote:
External source https://finance.yahoo.com/video/roku-576k-accounts-hacked-second-165955992.html reports this today 04/14/2024: Roku: 576K accounts hacked in second data breach of 2024
I've now read more detailed information. Roku was NOT "hacked". Other sites were hacked and login credentials were stolen from "those" sites. If someone's credentials that were stolen were the same as they used on the Roku site, then they simply logged into the Roku account as if they were the real user. No one can protect an account from something like that unless they use two-factor authentication. And Roku just implemented 2FA, forcing us to receive an email to the registered account address to complete login. And of course that will only keep someone out if they don't also have the password to the email account.
Using the same password on numerous web sites is dangerous, as this has demonstrated. But Roku was not at fault for any of it, unless you want to fault them for not deploying 2FA sooner. No data was stolen from Roku. Some services were charged to users' Roku accounts, but Roku has refunded any such charges. Personal information, such as complete credit card numbers, was not stolen. And the uproar that has happened because they now implemented it, even after the publicity of this attack, shows people simply don't want to bother with increased security. But unfortunately we now have to accept 2FA to help keep our accounts safer.
- RockOn, 2 years ago, Channel Surfer
Thanks, Dan. I understand your explanation. The hackers stole credentials from a different site, not from Roku. Only the credentials that were identical between that site and Roku became vulnerable to this credential stuffing attack.
I'm grateful to learn from you that Roku sent email yesterday to notify impacted users, implemented 2FA to keep our accounts safer, and refunded unauthorized charges.
- atc98092, 2 years ago, Community Streaming Expert
RockOn wrote:
Aside from this community forum, I have seen no disclosures to inform Roku account holders about the first hack, nor the second hack, nor the need to initiate the manual process "Forgot my password".
I agree with Roku Guru VAR there should be better safeguards.
2FA/MFA is one. Notifying account holders whenever their account credentials get invalidated is another.
Roku sent out an email yesterday about the second breach. If you didn't get one, then you might not have been impacted. Doesn't explain why you just had to reset your password, I know.