Roku cyberattack leaves over 500K accounts breached

Roku has revealed that over 500K customers have been affected by a cyberattack and have alerted affected users.

Roku shared an update about how they’re protecting user accounts in a blog post on April 12, 2024, and shared news about two attacks that have happened.

In early 2024, Roku detected the first cyber attack that saw roughly 15,000 user accounts that were breached by what is called Credential Stuffing. The company says that bad actors likely acquired user account information from another website, and found out that the same information was used on the website.

After concluding the investigation of the original attack and securing users’ accounts, Roku continued to monitor accounts and found a second, much larger incident.

“Through this monitoring, we identified a second incident, which impacted approximately 576,000 additional accounts,” they said. “There is no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident.”

“In less than 400 cases, malicious actors logged in and made unauthorized purchases of streaming service subscriptions and Roku hardware products using the payment method stored in these accounts, but they did not gain access to any sensitive information, including full credit card numbers or other full payment information.”

Roku says that they have reset the passwords of all affected accounts and have refunded those who were unfortunate enough to have a charge made to their payment method. To keep it from happening in the future, the company has enabled two-factor authentication for all accounts.