Roku has suffered a second data breach incident in this year, where both breaches were a resulting of attackers using credential shuffling technique. How the technique works is that attackers obtain logins from other sites to access accounts on Roku, and make unauthorized purchases. While the number accounts successfully compromised in both attacks, 15,000 and 400, are relatively small compared to the 80 million customer base of Roku, the fact that it’s happen twice over two months has made stockholders uneasy. In response to the recent breaches, Roku has implemented two-factor authentication on all accounts.
