Last week, Bleeping Computer reported that more than 15,000 Roku accounts were hacked and sold online for as little as $0.50 each. These stored credit cards for these accounts were then used to make purchases. So, how can you protect yourself? There is an easy way to make sure you are not hacked.
It appears that Roku itself was not compromised, but customers who reused the same username and password on their Roku as they did with a third-party site or app that had been broken into.
Attacks like this are not new, as hackers often use stolen logins on multiple services to see where they have been reused. From there, they sell them to people looking for free access to paid services or, in the case of Roku, to buy hardware using the stored credit cards.
Here is the email sent to affected Roku customers:
What Happened. Roku’s security team recently observed suspicious activity indicating that certain individual Roku accounts may have been accessed by unauthorized actors. We conducted an investigation to identify affected accounts, determine the scope of the unauthorized activity, protect affected accounts from further unauthorized access, identify the legitimate account holders, and identify any personal information which may have been compromised. Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.
Even if you are not a part of this breach, it is highly suggested that you do not reuse passwords between accounts. This helps protect you if one site is breached.
Roku has been clear that it will refund any impacted customer and has already done so.
Please follow us on Facebook and X for more news, tips, and reviews. Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.