The streaming platform Roku has experienced a data breach, resulting in over 15,000 accounts being compromised. Roku, known for its 80 million active accounts, disclosed the breach in filings with the state attorney generals of Maine and California. The breach affected 15,363 accounts between December 28, 2023, and February 21, 2024.
The filings revealed that the breach was not due to a hacker infiltrating Roku's system but rather hackers gaining access to login data from external sources. A Roku spokesperson stated that the security team identified suspicious activity indicating unauthorized access to a limited number of accounts using login credentials obtained from third-party breaches unrelated to Roku.
Roku promptly secured the compromised accounts and is notifying affected customers. The company emphasized its dedication to customer privacy and security, underscoring the seriousness with which it views the incident.
In a letter sent to impacted accounts, Roku disclosed that in some instances, hackers attempted to purchase streaming subscriptions using the compromised accounts. The unauthorized actors acquired login information, such as email addresses and passwords, from external sources unaffiliated with Roku.
Fortunately, the breach did not expose sensitive personal data like social security numbers, full payment account details, or dates of birth that would necessitate further notification. Bleeping Computer, the first to report on the breach, noted that the stolen account credentials were being sold for as little as $0.50 each.
