- Share this article on Facebook
- Share this article on Twitter
- Share this article on Flipboard
- Share this article on Email
- Show additional share options
- Share this article on Linkedin
- Share this article on Pinit
- Share this article on Reddit
- Share this article on Tumblr
- Share this article on Whatsapp
- Share this article on Print
- Share this article on Comment
The streaming platform Roku has suffered a data breach, with more than 15,000 accounts compromised.
The company — which has more than 80 million active accounts — revealed the breach in filings with the state attorney generals of Maine and California on Friday. The filings indicate that 15,363 accounts were compromised between Dec. 28, 2023, and Feb. 21, 2024.
Rather than a hacker breaking into Roku’s system, the filings indicate that the accounts were compromised by hackers that obtained login data from other sources.
Related Stories
“Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku),” a company spokesperson told The Hollywood Reporter. “In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.”
The company, in a letter sent by mail to impacted accounts, said that the hackers, “in a limited number of cases,” used the accounts to try and purchase streaming subscriptions.
“Unauthorized actors separately obtained, from third-party sources that are unrelated to Roku, login information (combinations of sign-in email addresses and passwords) that they then used to access certain individual Roku accounts,” the letter continues. “However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
Bleeping Computer, which first reported on the breach, wrote that actors were selling the stolen account credentials for as little as $0.50 each.
THR Newsletters
Sign up for THR news straight to your inbox every day