Roku is at the center of a cybersecurity storm, suffering a major new data breach just over a month after admitting over 15,000 user accounts were hacked.
The popular streaming hardware manufacturer has now said it is in the process of notifying over 576,000 users affected by a second hack, including some who are now having their account details sold on the dark web for as little as 50 cents.
In about 400 instances, Roku accounts have been used to make unauthorized purchases. Here’s what you need to know about the hack, and how to check if you’re affected.
How to Check if You’re Affected by New Roku Data Breach
First things first: as a Roku owner and user myself, I know you’re primarily here to find out if you’ve been caught up in the latest Roku data breach.
According to the company, all affected accounts have now had their passwords reset and been notified of the hack via email.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
That means that you should have had the heavy lifting done for you, so simply check your email or try to log in to your account ASAP to see if you’re among the 576,000 impacted users.
In a blog post revealing the hack, Roku has been keen to stress that the number is a small percentage of its 80m strong user base – but I’m less convinced a hack of over half a million accounts can be downplayed in any way.
What All Roku Users Should Do Next
Regardless of whether or not you’ve been notified by Roku, it’s pretty clear the set-top box and streaming stick maker has some ongoing vulnerability issues.
For its part, Roku has announced that it’s now making two-factor authentication (2FA) mandatory for all users. To this end, it has put together this guide to enabling and using it with your account. It’s pretty straight forward and is something I’ll definitely be doing myself.
I’d also highly recommend (as Roku has) that all users change their password as a matter of importance. If you’re looking for tips on creating a secure password, we’ve got a guide on how to test your password strength that’s a good starting point.
Beyond that, you should seriously consider using one of the best password managers, as these tools take so much of the pain out of creating and using super secure passwords to protect all your accounts.
What Else Should I Know About This April’s Roku Breach?
Well, if you’re interested in cybersecurity (or cybercrime) then you might want to know how Roku’s latest breach went down.
As was the case in March, Roku was breached using what’s called a “credential stuffing” attack, whereby hackers use automated tools to try and breach accounts using log in credentials stolen from other platforms.
It’s a form of “brute force” attack that’s only really effective because so many people re-use the same log in details across multiple accounts, despite it being widely acknowledged as bad practice.
