How Following Cybersecurity Best Practices Keeps Your Accounts Safe
The tried and true cybersecurity best practices are classics for a reason. Using strong and unique passwords, never reusing your passwords, taking advantage of MFA whenever possible: These tips aren’t just theoretical suggestions, but they actively keep your accounts safe. You see this in real-world examples all the time. Case in point, Roku: The company responsible for creating TVs and
The tried and true cybersecurity best practices are classics for a reason. Using strong and unique passwords, never reusing your passwords, taking advantage of MFA whenever possible: These tips aren’t just theoretical suggestions, but they actively keep your accounts safe.
You see this in real-world examples all the time. Case in point, Roku: The company responsible for creating TVs and streaming devices recently disclosed it had suffered not one, but two cyberattacks. Roku says it was investigating the first cyberattack, which affected around 15,000 users, when it discovered a second attack, this one affecting about 576,000.
Apparently, bad actors were able to obtain Roku user credentials from third-party sources, not Roku itself. In both attacks, bad actors had used the stolen logins to see if any were active Roku user accounts: They seem to have found almost 600,000 usernames and passwords that worked. Luckily, Roku itself was not breached, and no personal Roku information was stolen. Less than 400 user accounts had fraudulent charges made, and Roku is refunding all affected users.
While the number of users affected is objectively large, statistically, it’s a fraction of a percent of Roku’s total active users, which numbers around 80 million.
It’s here where we see how cybersecurity best practices would help: Bad actors were able to break into these Roku accounts because the accounts had reused passwords from other accounts. Those other accounts had their credentials leaked, and bad actors were able to use them successfully against Roku accounts—presumably, in addition to other accounts across the web.
Had these users not reused the password, bad actors wouldn’t have been able to break in. But more than that, Roku supports MFA: Even if someone reused a password on their Roku account, bad actors wouldn’t have been able to break into it with MFA, as they wouldn’t have had access to the trusted device to confirm their identity. In fact, Roku has activated MFA on all affected accounts automatically. Affected users just need to finish set up, and they’ll be protected against similar attacks in the future.
Attacks like the ones on Roku happen every day. By utilizing cybersecurity best practices, you can ensure your business accounts are always protected, even if a company has a breach.
Share This