Roku Security

Late last month, entertainment conglomerate Roku had a significant security breach. Further, the streaming company changed its terms of service to make it harder for customers to take legal action. This article covers the specifics of the digital attack and how to protect yourself from what may be a new industry standard…

The TWO Roku Security Breaches

In 2024, Roku security has been compromised not once — but twice. 

The company reported the first breach on Mar 20, 2024; it was suspected to have occurred between January and February of that year. The first attack affected 15,363 accounts.

However, cybercriminals accessed 576,000 users’ information the second time Roku was targeted in April. 

According to the entertainment service, the hackers got into their systems by cracking third-party servers…

AND CREDENTIAL STUFFING. 

Credential stuffing is where online crooks learn login information from one account and attempt to use it on others. If victims use the same credentials for multiple services, the criminals get in.

For that reason, Roku advised the customers affected to change usernames and passwords to protect their security. 

Nonetheless, what other information did the lawbreakers obtain and what did they do with it?

What Data Criminals Obtained Getting Through Roku Security 

Luckily, hypersensitive information is not generally stored by Roku. 

As such, the threat actors were only able to make unauthorized purchases in accounts with payment methods saved. 

This was the case for both Roku security breaches. Additionally, all fraudulent transactions have been refunded. 

THAT BEING SAID, THE FREQUENCY OF THESE INFRINGEMENTS IS CONCERNING. 

And while Roku is looking into changing security protocols, they are taking a page out of 23andMe’s book…

Making it harder for CUSTOMERS to take legal action against the brand for damages. 

Agreeing So You Can… Disagree? 

After the first strike in March, Roku sought to improve security — including for themselves. 

Whether by coincidence or because of the attack, the company changed its Terms of Service. Most notably, the new terms included a clause about forfeiture of rights to sue Roku without jumping through hoops…

ON TOP OF THAT, YOU MUST AGREE TO CONTINUE TO USE ANY ROKU SERVICES OR DEVICES. 

But there is a way to work around this and still use Roku, though you gotta check “yes” first. After that, you must write a letter within 30 days, sent along with your device receipt, stating that you do not accept those terms.

All in all, the Roku security breach has brought a lot to light — including where this company’s loyalties lie…

Be Great,

GCTV Staff
