Roku has reported a security breach affecting 15,363 streaming user accounts, where unauthorized individuals gained access to the accounts. The breach was disclosed in a filing with the Maine Attorney General's Office. The perpetrators of the data theft were attempting to sell the stolen account credentials for as little as $0.50 per account, enabling buyers to make illegal purchases using stored credit cards.
Roku took immediate action to secure the affected accounts by requiring registered users to reset their passwords. The company also investigated account activity to identify any unauthorized charges, cancel unauthorized subscriptions, and refund any unauthorized charges incurred by the hackers.
Despite the breach, the 15,000-plus compromised accounts represent only a small fraction of Roku's total user base, which stood at 80 million active accounts by the end of 2023. Roku emphasized its commitment to user privacy and security, notifying affected users promptly about the incident.
The security team at Roku detected suspicious activity indicating that certain individual accounts had been accessed by unauthorized actors. Investigation revealed that the hackers likely obtained usernames and passwords from third-party sources, unrelated to Roku, and used this information to access specific Roku accounts.
While the breach did not expose sensitive personal information like Social Security numbers or full payment account details, Roku advised concerned customers to reset their passwords on the company's website. Additional guidance on creating strong and secure passwords for Roku accounts can be found on the support page.
