15,363 Roku accounts were compromised, so it’s time to change your password

15,363 Roku accounts suffered a security breach as cybercriminals accessed sensitive user data, including attempted credit card fraud.

The incident was reported to the attorneys general of Maine and California on March 8, detailing how hackers acquired Roku customers' usernames and passwords from an external source and executed a credential attack stuffing (via TechRadar). The Maine filing says the attacks took place on December 28, 2023 and February 21, 2024.

The attackers were able to change account login information, blocking legitimate owners from attempting to purchase streaming subscriptions with stored credit cards. This change prevented account holders from receiving confirmation emails regarding unauthorized purchases.

In response, Roku immediately secured the compromised accounts and initiated a password reset for affected users while investigating fraudulent transactions. The company's efforts were successful in stopping unauthorized subscriptions and refunding all fraudulent charges. Roku assured that no social security numbers or equally sensitive data were compromised in the breach.

For user security, Roku recommends resetting passwords through the My Roku website and contacting their support if you have account access issues. Users should also check their accounts for unauthorized subscriptions or devices, likely indicators of hacking. Additionally, verify your information on HaveIBeenPwned can check if your data has been compromised. Despite the breach affecting a small fraction of Roku's user base, caution is advised.

Further investigation revealed an online marketplace selling stolen Roku account credentials for as little as 50 cents. The lists included instructions to make fraudulent purchases, with the culprits boasting about their exploits on Telegram through screenshots of their ill-gotten gains.