Roku has disclosed that 15,363 of its customer accounts were compromised in attacks between late December 2023 and February 2024, when criminals logged in as the rightful owners and gained access to the account data stored on the platform. The notifications indicate that the attackers used the payment cards saved on those accounts to attempt purchases.
The news comes from a pair of breach notifications Roku filed on March 8 with the Maine and California attorneys general's offices. Both filings include a notice explaining exactly what happened, and the documents are publicly available if you want all the details. The gist is that the attackers bought customer usernames and passwords from a third-party source and then used them to log in to Roku accounts. Trying credentials leaked from one service against the login page of another is known as a credential stuffing attack, as technology news site BleepingComputer, which first spotted the two advisories, explains.
Once in, the criminals changed the account login details, locking out the original owner. Roku says the attackers also tried to purchase streaming subscriptions using the credit cards stored on the accounts. Because the contact details had been altered, the real account holders would not have received order confirmation emails for anything the hackers bought.
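The pattern described above (one source spraying a list of leaked email/password pairs across many accounts, then changing the contact details on the ones that worked) is what a service's own login logs should surface. As an added illustration that is not part of this article and not Roku's tooling, the Python below runs two simple heuristics over a constructed authentication log: an IP that touches many distinct usernames with a low success rate is a stuffing source, and a successful login from such an IP followed within a short window by an email or password change on the same account is a likely takeover. The log format, field names, thresholds and sample entries are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Roku data). One IP sprays eight different
# usernames with one guess each, lands two, and then changes the email on a
# hijacked account before buying something; a second IP is a normal user who
# mistypes a password twice and later updates their own email.
SAMPLE_LOG = """\
2023-12-28T02:00:01Z ip=203.0.113.7 user=alice@example.com event=login result=fail
2023-12-28T02:00:02Z ip=203.0.113.7 user=bob@example.com event=login result=fail
2023-12-28T02:00:03Z ip=203.0.113.7 user=carol@example.com event=login result=success
2023-12-28T02:00:04Z ip=203.0.113.7 user=dave@example.com event=login result=fail
2023-12-28T02:00:05Z ip=203.0.113.7 user=erin@example.com event=login result=fail
2023-12-28T02:00:06Z ip=203.0.113.7 user=frank@example.com event=login result=fail
2023-12-28T02:00:07Z ip=203.0.113.7 user=grace@example.com event=login result=success
2023-12-28T02:00:08Z ip=203.0.113.7 user=heidi@example.com event=login result=fail
2023-12-28T02:03:10Z ip=203.0.113.7 user=carol@example.com event=email_change result=success
2023-12-28T02:04:00Z ip=203.0.113.7 user=carol@example.com event=purchase result=success
2023-12-28T09:15:00Z ip=198.51.100.5 user=ivan@example.com event=login result=fail
2023-12-28T09:15:20Z ip=198.51.100.5 user=ivan@example.com event=login result=fail
2023-12-28T09:15:45Z ip=198.51.100.5 user=ivan@example.com event=login result=success
2023-12-28T09:20:00Z ip=198.51.100.5 user=ivan@example.com event=email_change result=success
"""

# Assumed key=value line layout; anything that does not match is skipped.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$"
)

# Events that lock the real owner out once an attacker is inside.
TAKEOVER_EVENTS = {"email_change", "password_change"}


def parse_log(text):
    """Parse the log into a list of dicts with a timezone-aware datetime."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def find_stuffing_sources(events, min_users=5, max_success_rate=0.5):
    """Flag IPs that try many distinct accounts and mostly fail.

    A real user hammers one account; a stuffing tool walks a list of leaked
    email/password pairs, so one IP touches many accounts with roughly one
    attempt each and a low hit rate. The thresholds are assumptions sized for
    this tiny sample; real deployments tune them (and the success rate is
    usually far below 50%).
    """
    attempts = defaultdict(list)
    for ev in events:
        if ev["event"] == "login":
            attempts[ev["ip"]].append(ev)
    flagged = {}
    for ip, evs in attempts.items():
        users = {ev["user"] for ev in evs}
        successes = [ev["user"] for ev in evs if ev["result"] == "success"]
        rate = len(successes) / len(evs)
        if len(users) >= min_users and rate <= max_success_rate:
            flagged[ip] = {
                "attempts": len(evs),
                "distinct_users": len(users),
                "success_rate": rate,
                "compromised": sorted(successes),
            }
    return flagged


def find_takeovers(events, suspicious_ips, window=timedelta(minutes=30)):
    """Pair successful logins from suspicious IPs with a later credential
    change on the same account from the same IP (the lock-out step)."""
    hits = []
    for login in events:
        if not (login["event"] == "login" and login["result"] == "success"
                and login["ip"] in suspicious_ips):
            continue
        for ev in events:
            if (ev["event"] in TAKEOVER_EVENTS and ev["user"] == login["user"]
                    and ev["ip"] == login["ip"]
                    and login["ts"] <= ev["ts"] <= login["ts"] + window):
                hits.append((login["ip"], login["user"], ev["event"]))
    return hits


def analyze(text):
    """Run both heuristics and return a report dict."""
    events = parse_log(text)
    sources = find_stuffing_sources(events)
    return {"stuffing_sources": sources,
            "takeovers": find_takeovers(events, set(sources))}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip, s in report["stuffing_sources"].items():
        print(f"{ip}: {s['distinct_users']} accounts in {s['attempts']} attempts, "
              f"success rate {s['success_rate']:.0%}, hits {s['compromised']}")
    for ip, user, event in report["takeovers"]:
        print(f"takeover: {user} from {ip} ({event} shortly after login)")
```

On the sample, only 203.0.113.7 is flagged (eight accounts, two hits, 25% success) and only carol@example.com is reported as a takeover; ivan's two failed attempts and later email change from his own IP are left alone because that IP never looked like a stuffing source. The same logic would also catch a slower campaign if the per-IP grouping were widened to an ASN or a device fingerprint, which is the usual next step once attackers rotate proxies.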
Stay safe
Maine's filing states that the attacks occurred on December 28, 2023 and February 21, 2024. In response, Roku "protected accounts from further unauthorized access" and required the affected account holders to reset their passwords while it investigated the fraudulent activity. The company says it cancelled the "unauthorized subscriptions" and refunded all charges made on the affected users' behalf.
Roku confirmed that other sensitive information, such as Social Security numbers, was not exposed in the attack. Its security team is currently monitoring for any "signs of suspicious activity."
A Roku representative did not offer much new information when contacted for comment. In an email, they restated how the attacks unfolded and how the company took immediate action, adding that the team is taking the "incident very seriously."
The representative also gave us a list of what users should do. First, reset your password by visiting the My Roku website. Because credential stuffing only works where a password has been reused, change that same password on any other site where you used it, too.
If you are having trouble accessing your account, contact the company for help; a support phone number is listed in the notification document. Next, check whether any subscriptions or devices you don't recognize have been added to your account. If so, they most likely belong to the attacker and should be removed. Both are listed in your account dashboard.
We also recommend entering your email address (not your password) on Have I Been Pwned to see whether it has turned up in known data leaks. Roku says the incident affects only a "very small percentage" of subscribers, but it doesn't hurt to check.
Diving deeper
Returning to BleepingComputer's report: the publication dug deeper and found an online marketplace selling the stolen logins. And get this: access to a compromised Roku account was on offer for as little as 50 cents.
Each listing comes with instructions on how to change the account details "to make fraudulent purchases." Worse, the buyers apparently gloat on Telegram, posting screenshots of what they bought with the stolen accounts.
It is not known exactly where these logins came from. Given that this was credential stuffing, the most likely explanation is that the email and password combinations were exposed in earlier breaches of other services, reused on Roku, and then resold on the dark market, but that is our best guess. It's a pretty scary situation all around. If you want to know how to strengthen your digital security, check out TechRadar's list of nine tips to protect your online life.