Roku data breach overview:
- Who: Roku disclosed a data breach that affected more than 15,000 customers; Bleeping Computer reports the breach led to threat actors selling compromised accounts for as little as 50 cents.
- Why: Roku attributed the data breach to a credential stuffing attack that locked certain users out of their accounts and led to a “limited number of cases” of efforts to purchase streaming subscriptions.
- Where: The data breach affected certain Roku customers nationwide.
A data breach targeted more than 15,000 Roku customers earlier in March, the company announced.
In what the company described as a credential stuffing attack, threat actors were able to change login information for certain Roku users, locking them out of their accounts and resulting in “a limited number” of attempts to purchase streaming subscriptions, according to a Roku data breach notice.
Roku said unauthorized actors were not able to access sensitive information such as Social Security numbers, full payment account numbers or dates of birth, among other things.
“We are committed to maintaining the privacy and security of your Roku account and we are taking this incident very seriously,” the Roku data breach notice says.
Some Roku customers’ stolen accounts reportedly sold online for as little as 50 cents
The threat actors behind the data breach were reportedly selling compromised Roku accounts for as little as 50 cents, according to Bleeping Computer, which said the sellers also reportedly provided information on how to use the accounts to make fraudulent purchases.
In the Roku data breach notice, the company said it secured accounts affected by the data breach by requiring the registered account holder to conduct a password reset and that it is continuing to monitor for signs of suspicious activity.
“If we discovered evidence that your Roku account was impacted, we have reset your Roku account password,” the data breach notice states.
The company also said it investigated whether threat actors made any fraudulent purchases with compromised accounts and took steps to cancel unauthorized subscriptions and refund unauthorized charges.
In past news involving Roku, an impasse in negotiations with Google for a YouTube TV contract renewal in 2021 nearly resulted in YouTube TV being pulled from the streaming service.
Were you affected by the Roku data breach? Let us know in the comments.
556 thoughts on Roku data breach impacts 15,000+ customers
I have a Roku account please add me
I have a Roku account add me
Add me to claim
Add My Name
Add me
So I have a Roku account and they’ve been charging me for Disney Plus since September 2023 and I don’t have I canceled my subscription in September to Disney Plus but Roku keeps charging me and when I contact them they tell me it’s not their problem it’s Disney’s fault
I have Roku account please add me
Please add me I have a Roku account
Well I've been getting 4 charges from Roku and I only have 2 accounts
SEEMS LIKE ANYTHING CAN BE HACKED, OUR INFORMATION IS NEVER SAFE ANYMORE
Add Me Please
Please add me in lawsuit. I have 3 TVs with Roku accounts
I have Roku and have had Roku products
I have two Roku TVs and an account
Add me please to the lawsuit