However, Roku’s security was not compromised in this breach.
This is a case of customers reusing old passwords.
An attack method called credential stuffing is responsible for this breach.
The emails and passwords used in this breach were obtained from previous, unrelated data breaches.
Several individuals or groups may have participated in this attack.
They likely used credential-stuffing tools like Open Bullet 2 to automate the attack process.
Buyers were encouraged to immediately change the login and recovery details for purchased accounts.
The number of accounts that were hit by fraudulent purchases is unknown.
Sensitive materials, such as birthdays or full payment details, were not exposed in this breach.
It’s crucial that you stop reusing passwords and consider using a password manager.
I also suggest using HaveIBeenPwned to see if your credentials have appeared in a public data breach.
Of course, customers can’t be blamed for this breach.
Roku needs to take steps to prevent unauthorized account logins.
Roku published its data breach notice on Friday, March 8th.
This notice will be sent to affected customers, though Roku has already forced customers to reset their passwords.
The company also says that it has identified and reversed fraudulent purchases.
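On the service side, credential stuffing tends to show up in login logs as one source trying many different accounts with a low success rate, which is different from a single user mistyping a password. The sketch below is an added example, not code from Roku or from this article; the event format, thresholds, function name and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (unix_seconds, source_ip, account, success)
STUFFING = [(1000 + 10 * i, "203.0.113.7", f"user{i}@example.com", i == 5)
            for i in range(8)]
TYPO_USER = [(1000, "198.51.100.20", "alice@example.com", False),
             (1015, "198.51.100.20", "alice@example.com", False),
             (1030, "198.51.100.20", "alice@example.com", True)]
HOUSEHOLD = [(1000 + 60 * i, "192.0.2.50", f"family{i}@example.com", True)
             for i in range(3)]
SAMPLE_EVENTS = STUFFING + TYPO_USER + HOUSEHOLD


def detect_credential_stuffing(events, window=300, min_accounts=5,
                               max_success_ratio=0.2):
    """Return {source_ip: {"accounts_tried": n, "reset": [accounts]}}.

    A source is flagged when, inside any `window`-second span, it attempts at
    least `min_accounts` distinct accounts and at most `max_success_ratio` of
    those attempts succeed. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))

    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until the span fits.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            tried = {account for _, account, _ in span}
            ratio = sum(ok for _, _, ok in span) / len(span)
            if len(tried) >= min_accounts and ratio <= max_success_ratio:
                best = flagged.get(ip, {"accounts_tried": 0})
                if len(tried) > best["accounts_tried"]:
                    # Any success from a flagged source is a likely takeover.
                    hits = sorted({a for _, a, ok in rows if ok})
                    flagged[ip] = {"accounts_tried": len(tried), "reset": hits}
    return flagged


if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_EVENTS))
```

The `reset` list is the set of accounts that logged in successfully from a flagged source, which are the ones a forced password reset should cover first.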