In a recent data breach, hackers managed to gain access to more than 15,000 Roku user accounts, selling the stolen records for as little as 50 cents each, according to online information security and technology news site BleepingComputer. The cable-TV streaming giant notified the California Department of Justice on March 8, stating that the breach occurred between December 28 and February 21.
The company’s security team detected suspicious activity indicating that a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources unrelated to Roku.
In response to the breach, Roku took immediate steps to secure the affected accounts and is notifying the impacted customers. The company stated that it is committed to maintaining customers’ privacy and security and is taking the incident very seriously.
During the investigation, Roku determined that the hackers changed login information for the affected accounts and, in some cases, attempted to purchase streaming subscriptions using stolen credit card data. However, the company claims that sensitive personal information, such as Social Security numbers, full payment account numbers, and dates of birth, was not accessed by the hackers.
Roku is resetting passwords on accounts that show evidence of being part of the breach. Affected customers can visit my.roku.com and use the “Forgot password?” option on the sign-in page to regain access to their accounts. The company is continuing to monitor for signs of suspicious activity.
Cybersecurity experts recommend that Roku users take proactive steps to protect their data, such as changing account passwords, enabling two-factor authentication when available, monitoring credit card statements for unauthorized charges, and being cautious of phishing emails posing as Roku support.