Article 6M6Z2 Roku forcing 2-factor authentication after 2 breaches of 600K accounts

Roku forcing 2-factor authentication after 2 breaches of 600K accounts

by
Kevin Purdy
from Ars Technica - All content on (#6M6Z2)
GettyImages-15563750851-800x534.jpg

Enlarge (credit: Getty Images)

Everyone with a Roku TV or streaming device will eventually be forced to enable two-factor authentication after the company disclosed two separate incidents in which roughly 600,000 customers had their accounts accessed through credential stuffing.

Credential stuffing is an attack in which usernames and passwords exposed in one leak are tried out against other accounts, typically using automated scripts. When people reuse usernames and passwords across services or make small, easily intuited changes between them, actors can gain access to accounts with even more identifying information and access.

In the case of the Roku attacks, that meant access to stored payment methods, which could then be used to buy streaming subscriptions and Roku hardware. Roku wrote on its blog, and in a mandated data breach report, that purchases occurred in "less than 400 cases" and that full credit card numbers and other "sensitive information" was not revealed.

Read 3 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments