Over 15,000 Roku Accounts Hacked & Sold Online to Use People's Saved Credit Cards

Today, Bleeping Computer reported that over 15,000 Roku accounts were hacked and sold online for as little as $0.50 each. These accounts were then used to make purchases using the stored credit cards on file.

It appears that Roku itself was not compromised; rather, customers reused the same username and password on their Roku account as they did with a third-party site or app that had been broken into.

Update: Roku is also offering full refunds to impacted customers.

Attacks like this are not new, as hackers often use stolen logins on multiple services to see where they have been reused. From there, they sell them to people looking for free access to paid services or, in the case of Roku, to buy hardware using the stored credit cards.

Here is the email sent to affected Roku customers:

What Happened. Roku’s security team recently observed suspicious activity indicating that certain individual Roku accounts may have been accessed by unauthorized actors. We conducted an investigation to identify affected accounts, determine the scope of the unauthorized activity, protect affected accounts from further unauthorized access, identify the legitimate account holders, and identify any personal information which may have been compromised. Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.

Even if you are not a part of this breach, it is highly suggested that you do not reuse passwords between accounts. That way, a breach at one site cannot be used to get into your accounts on other sites and services.
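For readers who run a login service, here is one way to spot the pattern Roku's email describes: a single source trying reused logins on many accounts, then changing the credentials of the ones that worked. This is an added example, not code from Roku or from the original article; the event names, log layout, thresholds, and sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (time, source IP, account, event); not real Roku logs.
EVENTS = [
    ("2020-01-01T10:00:00", "203.0.113.7", "alice", "login_fail"),
    ("2020-01-01T10:00:05", "203.0.113.7", "bob", "login_ok"),
    ("2020-01-01T10:00:09", "203.0.113.7", "carol", "login_fail"),
    ("2020-01-01T10:00:14", "203.0.113.7", "dave", "login_ok"),
    ("2020-01-01T10:02:00", "203.0.113.7", "bob", "credential_change"),
    ("2020-01-01T10:03:00", "203.0.113.7", "dave", "credential_change"),
    ("2020-01-01T10:05:00", "203.0.113.7", "bob", "purchase_attempt"),
    ("2020-01-01T11:00:00", "198.51.100.20", "frank", "login_ok"),
    ("2020-01-01T11:01:00", "198.51.100.20", "frank", "credential_change"),
]

def parse(events):
    return sorted((datetime.fromisoformat(t), ip, a, ev) for t, ip, a, ev in events)

def stuffing_sources(events, min_accounts=4, window=timedelta(minutes=10)):
    """Source IPs that try logins on many distinct accounts in a short window."""
    tries = defaultdict(list)
    for ts, ip, acct, ev in parse(events):
        if ev in ("login_ok", "login_fail"):
            tries[ip].append((ts, acct))
    flagged = set()
    for ip, seq in tries.items():
        start = 0
        for end, (ts, _) in enumerate(seq):
            while ts - seq[start][0] > window:
                start += 1
            if len({a for _, a in seq[start:end + 1]}) >= min_accounts:
                flagged.add(ip)
    return flagged

def likely_takeovers(events, follow_up=timedelta(hours=1)):
    """Accounts where a flagged IP logged in and then changed the credentials."""
    bad, logged_in, result = stuffing_sources(events), {}, {}
    for ts, ip, acct, ev in parse(events):
        key = (ip, acct)
        if ip in bad and ev == "login_ok":
            logged_in[key] = ts
        elif key in logged_in and ts - logged_in[key] <= follow_up:
            if ev == "credential_change":
                result[acct] = {"ip": ip, "purchase_attempt": False}
            elif ev == "purchase_attempt" and acct in result:
                result[acct]["purchase_attempt"] = True
    return result
```

On the sample data, `likely_takeovers(EVENTS)` flags bob and dave, while frank, who changed his own password from an address that touched no other account, is left alone.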
