Roku data breach overview:
- Who: Roku disclosed a data breach that affected more than 15,000 customers; Bleeping Computer reports the breach led to threat actors selling compromised accounts for as little as 50 cents.
- Why: Roku attributed the data breach to a credential stuffing attack that locked certain users out of their accounts and led to a “limited number of cases” of efforts to purchase streaming subscriptions.
- Where: The data breach affected certain Roku customers nationwide.
A data breach targeted more than 15,000 Roku customers earlier in March, the company announced.
In what the company described as a credential stuffing attack, threat actors were able to change login information for certain Roku users, locking them out of their accounts and resulting in “a limited number” of attempts to purchase streaming subscriptions, according to a Roku data breach notice.
Roku said unauthorized actors were not able to access sensitive information such as Social Security numbers, fully payment account numbers or dates of birth, among other things.
“We are committed to maintaining the privacy and security of your Roku account and we are taking this incident very seriously,” the Roku data breach notice says.
Some Roku customers’ stolen accounts reportedly sold online for as little as 50 cents
The threat actors behind the data breach were reportedly selling compromised Roku accounts for as little as 50 cents, according to Bleeping Computer, which said the sellers also reportedly provided information on how to use the accounts to make fraudulent purchases.
In the Roku data breach notice, the company said it secured accounts affected by the data breach by requiring the registered account holder to conduct a password reset and that it is continuing to monitor for signs of suspicious activity.
“If we discovered evidence that your Roku account was impacted, we have reset your Roku account password,” the data breach notice states.
The company also said it investigated whether threat actors made any fraudulent purchases with compromised accounts and took steps to cancel unauthorized subscriptions and refund unauthorized charges.
In past news involving Roku, an impasse in negotiations with Google for a YouTube TV contract renewal in 2021 nearly resulted in YouTube TV being pulled from the streaming service.
Were you affected by the Roku data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
556 thoughts onRoku data breach impacts 15,000+ customers
Add me I’ve had Roku for many years
Add me Roku settlement data breach.
ADD ME please to the Roku Settlement on data breach.
Add me, I’ve been effected
Add me please
Add me please!
Add me please to the Roku Settlement on data breach.
Add me
Add me please
Add me please
Roku is another example of corporate greed add me please
Yes I was as well as two employer’s and Att money just stolen 9: different bank accounts and 7 phones and now my new phone is breached and my new bank account vThat I Haven’t used yet and now my account is cleaned out so what we have to prove it no you thieves need to put it back plus pay interest and damages to our name and accounts and free secure service for 5 years. So sick of this not my fault.