Roku, the popular streaming platform, has recently disclosed a security breach affecting more than 15,000 user accounts. The company revealed that unauthorized individuals gained access to these accounts, with some attempting to purchase streaming subscriptions using stolen credentials.
The breach was brought to light in a filing with the Maine Attorney General’s Office, where Roku reported that the perpetrators were looking to sell the stolen account details for as little as $0.50 each, enabling buyers to make illicit purchases using stored credit card information.
In response to the breach, Roku took immediate action to secure the affected accounts by mandating password resets for all registered account holders. Additionally, the company conducted a thorough investigation into account activity, canceling unauthorized subscriptions and refunding any illicit charges.
Although the breach impacted over 15,000 accounts, it represents only a small fraction of Roku’s extensive user base, which totaled 80 million active accounts at the end of 2023. In a letter to affected users, Roku emphasized its dedication to safeguarding user privacy and security, underscoring the company’s commitment to protecting user information.
Roku’s security team noted that the unauthorized access was likely facilitated by the use of compromised usernames and passwords from third-party sources, unrelated to Roku. It appears that the same login credentials used for these external services were also employed for certain individual Roku accounts, enabling unauthorized access to the platform.
This recent breach serves as a reminder of the ongoing importance of robust security measures and the need for users to exercise caution with their account credentials. As streaming services continue to gain popularity, ensuring the protection of user data remains a critical priority for companies like Roku.