Last year, 15,363 Roku accounts were compromised as bad actors gained access to a lot of sensitive data on the platform. There is evidence that they obtained credit card information and attempted to make purchases.
This news comes from a pair of notices Roku filed on March 8 with the attorney general’s offices of Maine and California. Both arrive with a message explaining exactly what happened. The document is publicly available if you would like to get the full details. But the gist is that the hackers purchased customer usernames and passwords from a third-party source and then entered Roku accounts. This process is known as a credential stuffing attack, according to technical news site BleepingComputer, which initially discovered the two filings.
After gaining access, the malicious actors changed the account’s credentials, locking out the original owner. Roku states that the hackers also attempted to purchase streaming subscriptions using stored credit cards. Because the data had been changed, account holders would not have received order confirmation emails if the hackers had purchased anything.
Keep safe
The Maine filing states that the attacks occurred on December 28, 2023 and February 21, 2024. In response, Roku “quickly secured the accounts from further unauthorized access.” They then required registered owners to reset their passwords while the fraudulent activity was investigated. Company experts successfully stopped “unauthorized subscriptions” and refunded all charges incurred under a user’s name.
They confirmed that other types of sensitive information, such as social security numbers, were not part of the attack. Currently, Roku’s security team is watching for any further “signs of suspicious activity.”
A Roku representative didn’t offer much new information when reached for comment. In an email, they again explained the attacks, how they were taking immediate action, and added that the team is taking the “incident very seriously.”
Roku’s rep gave us a list of what users should do going forward. First, they recommend resetting your password by going to the My Roku website.
If you are having trouble accessing your profile, they ask that you contact the company for assistance. A telephone number for assistance can be found on the notification document. Then check if any additional subscriptions or unknown devices have been added. These will most likely be from a hacker. You can find them on your account dashboard.
We also recommend that you enter your login details into Have I Been Pwned to see if your data has been leaked online. Roku states that the incident only affects a “very small percentage” of subscribers, but it wouldn’t hurt to check.
Dive deeper
Looking back at the BleepingComputer report, the publication dug deeper into the situation and discovered an online vendor selling stolen credentials. And get this: You can buy access to a Roku account for just 50 cents.
Each offer comes with a set of instructions detailing how to change account information “to make fraudulent purchases.” What’s even worse is that these bad actors are seemingly gloating on Telegram and posting screenshots of things they bought with stolen credentials.
It is unknown how these logins ended up online. It’s possible that the credentials came from a previous breach and were then posted to the dark marketplace, but that’s just our best guess. It’s a pretty scary situation all around. If you want to know how to improve your digital security, check out Ny Breaking’s list of nine tips to protect your online life.