Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Broadcasting & Cable
Broadcasting & Cable
Business
Daniel Frankel

Roku Has More than 15,000 User Accounts Hacked, Stolen Data Sold for 50 Cents Per Customer on the Dark Web

Computer hack.

Hackers have stolen personal data, including credit-card authentication credentials, of 15,363 Roku users, with individual user account data selling for just 50 cents each on the Dark Web. 

Some Roku users were locked out of their accounts, with data thieves coopting them to make nefarious in-app purchases. 

Roku began to notify affected customers on Friday via email with this message

The streaming company also released this statement to Next TV: “Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.” 

Bleeping Computer was first to report the data breach on Monday. 

The data breach, which occurred "earlier this year," according to Roku, stemmed from what's described as a "credential stuffing" attack, whereby hackers steal usernames and passwords from, say, Roku, then try them out in a range of other services. 

Fortunately, Roku's data doesn't include social security numbers, full payment account numbers, or dates of birth.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.