Roku Data Breach 28 Dec 2023 - 21 Feb 2024
From Office of the Maine @torney General Data Breach Notifications: Date(s) Breach Occured: 12/28/2023 - 2/21/2024 Date Breach Discovered: 1/4/2024 - 2/21/2024 From Over 15,000 hacked Roku account...
Forum Discussion
Modern strong authentication mechanisms used in or as multi-factor or two-factor authentication (MFA, 2FA) include Passkeys (a.k.a. WebAuthn), Tokens (e.g. YubiKey), and Time-based One Time Password (TOTP, a.k.a. your "authenticator app"). These are well supported by popular password managers and other tools.
Less robust second factor authentication methods include sending codes by email or SMS [Strongly discouraged].
For sites and services which only use weak password authentication, breaches provide access to accounts for anyone with access to the breach data. The best resource for information on breaches and checking your email (or domain) is Troy Hunt's Have I Been Pwned (HIBP).
I for one am flabbergasted as to why ROKU DOES NOT UTILIZE MFA/2FA etc to secure accounts! It is inexcusable and should be implemented. Now, more than ever. if you are concerned with end users not being able to log in with their TV, box etc, then enable what other sites do, a nice little link to join where you enter a predefined code on the TV to pair it once the user is logged in.
SERIOUSLY ROKU! Get with the program!!!! (No Pun intended)
