Roku admits data breach on 15,000 streaming accounts
MARCH 13, 2024 11.49 EUROPE/LONDON BY JULIAN CLOVER

Roku has confirmed a data breach that led to the details of accounts belonging to 15,363 users of its streaming service being hacked.

The company disclosed the matter in a filing with the office of the Maine Attorney General.

Bleeping computer reported the accounts were then sold on for as little as 50 cents a piece – allowing the purchasers to then make unauthorised purchases using credit cards lodged with the accounts.

In its report to the Attorney General, Roku said that its security team had “observed suspicious activity” on a number of accounts. It believes that the information had been obtained from a third party source not related to Roku. By obtaining both the user name and password, the hackers were then able to gain direct access to the accounts.

However, Roku says there was no access to information such as full payment account numbers, dates of birth or other similar data. It seems likely that those with the account details were not able to do much more than subscribe to some of the streaming services on the platform without the permission of the account holder.

Roku has now taken action to cancel any unauthorised subscriptions and identified accounts have been forced to change their password.