Categories
Latest News Roku

More Than 15,000 Roku Customers Affected By Data Breach

This post may contain affiliate links and we may earn a commission. Learn more

More than 15,000 Roku customers have been affected by a data breach. From what is understood, Roku didn’t encounter the data breach directly. Instead, customers were impacted by a credential stuffing attack.

Credential stuffing refers to a cyber attack where details are obtained from one service and then used to access another service. For example, situations where a user might use the same username and password for more than one service, leading to the potential for multiple accounts to be compromised once one of the services encounters a data breach.

This appears to be exactly what has happened to those affected Roku customers. First reported by Bleeping Computer, Roku’s data breach notice explains that “unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources.” In total, 15,363 U.S. customer accounts are understood to have been affected.

The notice goes on to explain that after gaining access to accounts, the unauthorized actors changed the login details to prevent the real account holders from regaining access to their accounts. In some cases, Roku notes, the unauthorized actors also attempted to purchase streaming subscriptions using the payment methods on file.

In addition to the information provided by Roku, Bleeping Computer reports that the unauthorized actors were also selling accounts online for as little as $0.50 each. Once sold, it was the buyer of the account that would then attempt to make purchases, including Roku devices and other hardware products, using the payment methods associated with the Roku account.

For those unsure of whether they have been impacted by this situation, Roku confirmed that it has reset passwords for those accounts. Basically, those users will now need to go to my.roku.com and use the “Forgot password?” option to reset their password before they can access their account again.

For those that can still access their Roku account without having to set a new password, it might be worth checking the Payments & subscriptions section under My account after logging in to the Roku website and checking for any recent and unusual hardware purchases, as well as any new streaming subscriptions. It may also be worth changing the password as a precautionary measure.

For reference, Roku did say it has since canceled or refunded any unauthorized purchases and subscriptions.

John Finn
Connect
Want to stay up to date on all our latest news and guides? Sign up to the Streaming Better newsletter.
John Finn

By John Finn

John Finn is the Founder and Editor of Streaming Better, a platform created in 2019 to help consumers navigate the complicated live TV streaming and subscription service market.

John has been covering technology for various online publications since 2014. After originally covering the wider tech industry as a writer and editor, John now spends his time focusing on the emerging video-streaming market, including live TV streaming, SVOD, AVOD, FAST, and TVOD services.

In a bid to keep up to date on the industry, John actively subscribes to multiple streaming services at the same time. However, John continues to advocate that the best approach for consumers is to rotate between streaming services as needed.

A Psychology graduate from England, who now lives in the US, John previously worked in the aviation industry as an airline reviewer. While reviewing airlines isn't quite the same as reviewing devices and streaming services, John brings the same analytical eye to all of his reviews and industry analysis, along with a special emphasis on what's best for the consumer.

Connect with John
Email: john@streamingbetter.com
X: @J_Finns
Website: JohnFinn.net

Leave a Reply

Streaming can be frustrating but please be respectful and avoid personal information. All comments are moderated according to our comment policy.