Roku data breach overview:
- Who: Roku disclosed a data breach that affected more than 15,000 customers; Bleeping Computer reports the breach led to threat actors selling compromised accounts for as little as 50 cents.
- Why: Roku attributed the data breach to a credential stuffing attack that locked certain users out of their accounts and led to a “limited number of cases” of efforts to purchase streaming subscriptions.
- Where: The data breach affected certain Roku customers nationwide.
A data breach targeted more than 15,000 Roku customers earlier in March, the company announced.
In what the company described as a credential stuffing attack, threat actors were able to change login information for certain Roku users, locking them out of their accounts and resulting in “a limited number” of attempts to purchase streaming subscriptions, according to a Roku data breach notice.
Roku said unauthorized actors were not able to access sensitive information such as Social Security numbers, full payment account numbers or dates of birth, among other things.
“We are committed to maintaining the privacy and security of your Roku account and we are taking this incident very seriously,” the Roku data breach notice says.
Some Roku customers’ stolen accounts reportedly sold online for as little as 50 cents
The threat actors behind the data breach were reportedly selling compromised Roku accounts for as little as 50 cents, according to Bleeping Computer, which said the sellers also reportedly provided information on how to use the accounts to make fraudulent purchases.
In the Roku data breach notice, the company said it secured accounts affected by the data breach by requiring the registered account holder to conduct a password reset and that it is continuing to monitor for signs of suspicious activity.
“If we discovered evidence that your Roku account was impacted, we have reset your Roku account password,” the data breach notice states.
The company also said it investigated whether threat actors made any fraudulent purchases with compromised accounts and took steps to cancel unauthorized subscriptions and refund unauthorized charges.
In past news involving Roku, an impasse in negotiations with Google for a YouTube TV contract renewal in 2021 nearly resulted in YouTube TV being pulled from the streaming service.
Were you affected by the Roku data breach? Let us know in the comments.
553 thoughts on Roku data breach impacts 15,000+ customers
Yes
Please add me
Please add me
ROKU subscriber
please add me