Well, if you’re convinced that a problem can’t be solved, then you’ll probably continue having the problem. If you don’t like any of the available password managers (not even any of the open source entirely local ones that have had independent security audits?), then there are such answers as: a document on your computer, or like my 91-year-old mom: a paper notebook.
You can also do hybrid things. Like a password manager has a bunch of random passwords. But you also have a rule in your head such as: after pasting the password from my manager, I add [whatever]. Even if the [whatever] is constant, the random stuff in front of it should keep you safe.
@o2night wrote:
Maybe, but how many people can keep up with a different password for every single app, website or program they have?
Everyone can and should. With the excellent secrets ("password") managers available for every platform and well integrated with modern web browsers, it's far easier and safer to manage and use good authentication - userid, unique long random passphrase, code and/or passkey - than it has ever been.
And if you think those password keepers are safe....well.....enough said.
If by "password keepers" you mean tools such as 1Password, Bitwarden, Proton Pass and the like, then we really can make a fair comparison of the actual risks of using these tools compared to the various alternatives going back decades and it's not even close. The folks who have had to deal with their Roku account access being changed are the ones who are suffering the consequences of not having taken advantage of this technology.
No "security" advice applies indefinitely and no one step provides perfect protection against all threats, but right now and for many years to come, the single best step any of us can take to keep our accounts as well-protected as we are able is to use a secrets manager on all the systems which we use to access the accounts. As we've seen in this incident, it is the service providers such as Roku who let us down by not providing the standards-based opportunity to properly protect our accounts and what is stored in them.
How am I to talk to a real Roku customer representative?
@atc98092 Oh, so we're fine if we didn't receive an email? Funny how you make users agree to the new terms and then get hacked. NEVER buying another Roku product.
14k posts - are you damage control for Roku?
Not through their website. Have to query online for ‘Roku customer service’. I don’t have their number any more or I’d share it.
And you’d think on their site they would have made an announcement of this issue. And/or sent an email blast to all customers about it.
@zqmjadlzfltqdnp I can't say for certain that the lack of an email means your account wasn't affected. But it does seem reasonable.
No, I don't work for Roku in any manner. I'm simply an experienced user who the company feels has enough knowledge about most things with Roku devices to help people resolve problems.
I agree
ROKU should have announced the hacking and advised us of the extent
I was hacked and it didn't take but 5 days for my bank account to be wiped out.
External source https://finance.yahoo.com/video/roku-576k-accounts-hacked-second-165955992.html reports this today 04/14/2024: Roku: 576K accounts hacked in second data breach of 2024
When I entered my known credentials accurately to log in to my Roku account, authentication failed and required me to click "Forgot my password" to initiate the reset procedure.
Aside from this community forum, I have seen no disclosures to inform Roku account holders about the first hack, nor the second hack, nor the need to initiate the manual process "Forgot my password".
I agree with Roku Guru VAR there should be better safeguards. 2FA/MFA is one.
Notification to account holders is also needed whenever their account data is breached OR rendered invalid.
@RockOn wrote:
Aside from this community forum, I have seen no disclosures to inform Roku account holders about the first hack, nor the second hack, nor the need to initiate the manual process "Forgot my password".
I agree with Roku Guru VAR there should be better safeguards.
2FA/MFA is one. Notifying account holders whenever their account credentials get invalidated is another.
Roku sent out an email yesterday about the second breach. If you didn't get one, then you might not have been impacted. Doesn't explain why you just had to reset your password, I know.