Oh joy, another data breach, says Roku, the streaming giant, which disclosed that 15,363 streaming user accounts were obtained by “unauthorized individuals” who, as Variety reported, in certain cases aimed to buy streaming subscriptions through the hack.
So, get this: the company announced the breach on Friday, March 8, in a filing with the Attorney General’s Office in Maine. Now, in a report by Bleeping Computer, the perpetrators were trying to sell the stolen account details “for as little as $0.50 per account, allowing purchasers to use stored credit cards to make illegal purchases.” Sheesh. Scamming culture is cheap and scary.
Roku investigated account activity “to determine whether the unauthorized actors had incurred any charges, and we took steps to cancel unauthorized subscriptions and refund any unauthorized charges.”
Advertisement
Don’t get too unnerved. The 15,000-plus accounts are just a slither of Roku’s overall subscriber base. They said they had 80 million active users by the end of 2023.
“We take our viewers’ privacy and security seriously and, as part of our commitment to those values and protecting your information, we are writing to notify you about a recent event that may have affected your Roku account,” Roku said in a letter to users affected by the breach.
The company’s security team said it “recently observed suspicious activity indicating that certain individual Roku accounts may have been accessed by unauthorized actors.” Furthermore, they said, “It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts,” Roku’s letter says. “After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.”
Luckily, Roku accounts did not provide the hackers access to Social Security numbers, total payment account numbers, dates of birth, or other “similar sensitive personal information requiring notification.” THANKFULLY! The streamer said account holders who are concerned that their account may have been compromised are encouraged to do a password reset at my.roku.com. Well, these are the times, and they are scary.