Roku announced in its latest update that all customers will be forced to use two-factor authentication after a series of massive security breaches.
The streaming platform faced two major security breaches within the span of a few weeks only, resulting in leaked customer account data.
Roku Suffers Two Consecutive Massive Security Breach
Last month, Roku disclosed that 15,000 accounts were breached by hackers. The acquired account information was found on sale online.
Reports also showed that hackers can store credit card details and use them to start other subscriptions to different streaming services. However, most sensitive data such as social security numbers and birth dates were not included in the breach.
Last week, Roku revealed that another security breach happened and the incident affected 576,000 customer accounts. The company shared that both attacks used credential stuffing which re-uses obtained credentials from previous data breaches.
Roku Strictly Enforces Two-Factor Authentication to Subscribers
After detailing the breaches to its users, Roku forced all the affected accounts to reset their passwords. In addition, the streaming platform has now enabled two-factor authentication for all user accounts by default.
"While the overall number of affected accounts represents a small fraction of Roku's more than 80M active accounts, we are implementing a number of controls and countermeasures to detect and deter future credential stuffing incidents," the company explained.
The strict implementation is effective immediately for all users. Subscribers of the streaming service are instructed to set up their 2FA through an email. Roku also created a dedicated support page on how to set up and sign in using the 2FA.
Roku also advised its users to create a strong and unique password for their streaming account. The company also reminded its subscribers to be alert for any suspicious messages that pretend to be from Roku.