Roku, one of the top streaming service companies in America, has reported a breach that has affected 576,000 accounts. The hackers used what’s called credential stuffing. This method is where bad actors retrieve stolen account credentials from one service and then apply them to other services to see if a user is using the same username and password for multiple services. This has been the second data breach in recent months. Recently, 15,000 accounts were affected by credentials being stolen from other services. Hacker groups have been a growing issue for enterprise companies in the last few years from ransomware with payouts in the millions and stolen sensitive data being sold on the black market. Implementing effective authentication methods has been one way to combat data breaches, but hackers have been getting more and more proficient at stealing account information in the cyber world.
With trillions of people using the internet worldwide, vulnerabilities in networks are inevitable. Safeguarding your network in both personal and business environments mean deploying patches regularly to keep devices up to date and having strong malware protection installed on all devices. Staying current on the education of the different tactics used to infiltrate networks like clicking links in phishing emails, having weak generic passwords, and outdated operating systems is crucial in preventing breaches.
Roku has released a statement stating that users are now required to go through MFA, which stands for Multiple Factor Authentication. This will require members to go through a two-step process to verify they own the account to successfully log on. They’ve also stated that they are refunding and reversing all charges that were made to the affected accounts.