Roku, the popular streaming platform, recently disclosed a data breach resulting from a credential stuffing attack that has affected over 15,000 customer accounts, including credit card information & more.
A credential stuffing attack occurs when hackers utilize login information obtained from previous data breaches to gain unauthorized access to accounts. In this case, hackers exploited vulnerabilities in Roku’s system and used stolen credentials to infiltrate user accounts. Once inside, they swiftly changed login details, such as passwords and email addresses, effectively locking genuine account owners out of their own profiles.
The consequences of this breach were far-reaching. Hackers not only acquired access to streaming subscriptions but also made fraudulent purchases using stored credit card information without the knowledge of account holders. These stolen accounts were even sold on hacking marketplaces for as little as $0.50 per account, further exacerbating the consequences of the breach.
Pictured below is a screenshot of one of these stolen accounts available for purchase on a black market website.

As you can see, the seller even provided details on how to access the stolen credentials and make purchases with the users credit card information.
Roku has acted swiftly to mitigate the impact of the data breach. They have taken steps to secure the compromised accounts, enforced mandatory password resets, and delved into investigating any unauthorized purchases. By doing so, Roku aims to ensure that their users regain control over their accounts and are shielded from any further fraudulent activity.

Roku’s Response and Advice for Users

In a statement sent to affected users, Roku noted the breach and stated that the affected accounts have been secured.
We take our viewers’ privacy and security seriously and, as part of our commitment to those values and protecting your information, we are writing to notify you about a recent event that may have affected your Roku account…
“We” recently observed suspicious activity indicating that certain individual Roku accounts may have been accessed by unauthorized actors.
It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts…
After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.
As part of their response, Roku has urged users to carefully review their account activity, connected devices, and active subscriptions. By doing so, users can ensure that their accounts are only linked to legitimate devices and services. This step helps users identify any potential signs of fraudulent activity and take appropriate action to mitigate any risks.
While Roku has taken significant steps to address the data breach, it is crucial to highlight that the platform does not currently support two-factor authentication. Two-factor authentication adds an extra layer of security by requiring users to provide a secondary form of verification when accessing their accounts. Implementing two-factor authentication could have potentially prevented unauthorized access even in cases of credentials compromise, further enhancing account security.
We always preach the importance of online security and suggest using anonymous payment methods for anything bought online including the use of Bitcoin or Masked Credit Cards from companies such as Abine Blur.
This story was first reported by BleepingComputer which you can find below.
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware
What do you think of Roku’s latest data breach? Let us know your thoughts in the comment section below!
For the latest news and tutorials in the streaming and tech world, be sure to sign up for the KODIFIREIPTVAdvisor with updates weekly.
This Advisor provides all the best tips, reviews, and guides to get the most out of your favorite streaming devices. Click the link below for your KODIFIREIPTVAdvisor Subscription:
KODIFIREIPTVAdvisor

This page includes affiliate links where KODIFIREIPTVmay receive a commission at no extra cost to you. Many times, visitors will receive a discount due to the special arrangements made for our fans. Learn more on my Affiliate Disclaimer page.