I was also forced to do a password reset this morning. Since I'm logged into the forum almost constantly (just needing to log in again every morning) I know there was nothing wrong with my password. Odds are they are pushing out a requirement to reset your password, although I would have expected an email about it. 

Roku Data Breach 28 Dec 2023 - 21 Feb 2024

I have a free Roku acct, just use the box to stream netflix and amazon Prime video.  I just heard of the HACK. I tried to login but it had a new password assigned. So I changed the password via their utility that sends the reset link.

Question, am i vulnerable in any way with the netflix and amazon Prime streaming through the Roku? Would the hacker have access to those two accts of mine?

Thanks in advance!

Dave

Montclair, NJ

---

@dvarga wrote:

I have a free Roku acct, just use the box to stream netflix and amazon Prime video.  I just heard of the HACK. I tried to login but it had a new password assigned. So I changed the password via their utility that sends the reset link.

Question, am i vulnerable in any way with the netflix and amazon Prime streaming through the Roku? Would the hacker have access to those two accts of mine?

---

First, your account did not get hacked. Roku decided to mandate a password update as a precaution. If you had never received an email telling you your password had been changed, then no one had changed it. I received such an email after I changed it, but never before. 

Your Netflix and Prime account passwords are not saved within your Roku account to the best of my knowledge. So even if your Roku account had been hacked that information would be safe. And my guess is even if Roku has passwords for any of your accounts (they do store a few) they would all be encrypted and of little use to a hacker. I'm not saying the encryption couldn't be hacked, but usually not worth the time and effort to the hacker. 

So Roku's recent data breach of over 15,000 users with their credit card information stored on Roku was compromised - therefore, there is indeed a "risk" which you so casually cast aside. If Roku requires CC information, at least require 2 factor authentication for increased security but guess what? There is no 2FA available and nothing indicates that there will be any 2 FA in the near future. 

Roku doesn’t actually require a credit card, so if you don’t trust their security, then I would suggest you remove your CC information. 

---

@StopTheFomo wrote:

So Roku's recent data breach of over 15,000 users with their credit card information stored on Roku was compromised - therefore, there is indeed a "risk" which you so casually cast aside. If Roku requires CC information, at least require 2 factor authentication for increased security but guess what? There is no 2FA available and nothing indicates that there will be any 2 FA in the near future. 

---

I don't cast it aside casually, but consider how many millions of Roku user accounts there are and a breach of 15,000 is well under 1% of the total. It's not nothing to the ones that were breeched, but an extremely small number. Roku does not require CC information, other than to initially set up a user account (I really wish they would simply stop requiring that). Once the account is created, the CC can be removed with no impact on using the device, other than not being able to purchase anything directly through Roku (which I don't do anyway). I agree that 2FA should be implemented on anything that stores personal financial information. 

I just created an account at:

https://my.roku.com/signup/nocc

and wasn't asked for a payment method.   That's the way I originally signed up for Roku around 2016, based on searching for:  roku sign up no credit card 

Cool, I didn't think that worked anymore. 🙂