Roku hackers breach 15,000 accounts, used data to subscribe to streaming services

www.foxbusiness.com ^ | March 12, 2024 4:17pm EDT | By Aislinn Murphy

[Red Badger]

The need for cybersecurity is 'nothing like we've ever seen before': Dan Ives Wedbush Managing Director of Equity Research Dan Ives reflects on the 'golden age for cybersecurity' on 'The Claman Countdown.'

Bad actors may have illegally gotten into thousands of people’s Roku accounts, Roku told the offices of two state attorneys general.

In a data breach notification to the Office of the Maine Attorney General, the video streaming company estimated the number of accounts affected by the breach at over 15,300. It let those customers know about the situation on Friday via a letter.

The "unauthorized actors" changed the login details of the compromised accounts after using usernames and passwords they likely got "from third-party sources" that Roku believed "had been used as login information for such third-party sources as well as certain individual Roku accounts" to get access, Roku said in the customer notification letter.

The company suggested the bad actors got the login combinations "through data breaches of third-party services that are not related to Roku." The information was reportedly sold, or the hackers used stored credit card information to sign up for streaming services attached to the device.

The letter is publicly available on both the Maine and California Attorney General websites.

Roku said sensitive personal information such as Social Security numbers, full payment account numbers and birth dates of the breached account holders were not accessed.

The bad actors did, however, try to use Roku accounts to sign up for paid streaming subscriptions "in a limited number of cases," the company said in the letter.

The company became aware of the incident between Jan. 4 and Feb. 21, according to the data breach notification submitted to Maine. The breach itself happened between Dec. 28 and Feb. 21.

"In response, we took immediate steps to secure these accounts and are notifying affected customers," a Roku spokesperson told FOX Business Tuesday. "Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously."

Roku told customers via letter it "secured the accounts from further unauthorized access by requiring the registered account holder to reset the password, we investigated account activity to determine whether the unauthorized actors had incurred any charges and we took steps to cancel unauthorized subscriptions and refund any unauthorized charges."

The company’s security team "continues to actively monitor for signs of suspicious activity, to ensure that all customer information and data is kept secure," according to the letter.

Roku’s total number of active accounts rose to 80 million in the fourth quarter. Those accounts accumulated 29.1 billion hours of streaming in the three-month period and contributed to the 106 billion hours watched by Roku accounts over the course of the entire year, according to the company.

[small farm girl]

Happened to me...didn’t notice until I was reviewing charges (which I do not do near enough). Jerks.

[Red Badger]

Yes, people need to scan their charges EVERY MONTH. Not just ROKU, but EVERY STREAMING SERVICE.

And your credit cards, as they usually charge them directly...................

[NWFree]

My Roku credit card info is defunct and I never updated it for reasons like this

[4yearlurker]

I had to look up Roku to see what it was. Glad I am an old fuddyduddy.

[Red Badger]

It’s just one of many streaming services for people to watch movies, sports and etc..................lots of etc.............

[bobbo666]

This is Roku’s fault. They do contracts with 3rd parties and then do not enforce adequate security.

Banks do this when they let your Visa/MC card purchases pass thru 3rd party data handlers that operate from our PC/phone to the online store, to the bank, etc. Wherever a 3rd party is involved is a point of insecurity. And, the banks don’t do a damned thing to protect you.

This is common. 3rd parties are typically involved to push risk away. TO YOU.

[SunkenCiv]

• Nationwide McDonald's outage in Australia and Japan; internal systems down, stores affected, EFTPOS offline, app out. [03/15/2024]
  • Tech Ping: proton mail server and outlook my own . Proton has to reformulated outlook every time the computer turns on. Instead of leaving the emails in outlook. Ideas@ [03/14/2024]
  • "There's a lot of bad information": Beware TikTok tax advice [03/14/2024]
  • Trump Treasury Secretary Steve Mnuchin says he's looking to buy TikTok [03/14/2024]

  ---

• Heroic doctor dies days after exposing deadly COVID-Vax component [03/15/2024]
• No Such Thing as 'Long COVID,' Health Agency Says in Shock Claim: 'Unnecessary Fear' [03/14/2024]
• How the Anti-Vaccine Movement Pits Parental Rights Against Public Health (parental freedom legislation... "creates obstacles to vaccination, the foundation of pediatric care.") [03/14/2024]
• Warning: The annual flu vaccine is being transformed into an mRNA jab... [03/14/2024]
• Blood test shows 83% accuracy for detecting colorectal cancer in trial [03/14/2024]
• Cancer free [03/14/2024]

  ---

• Southern California Woman Terrorized Harassed By Alleged Dognappers [03/15/2024]
• 3-month-old baby mauled to death by family pit bull in NJ: reports [03/15/2024]
• Suspicious betting patterns emerging in sports wagering now [03/15/2024]
• 32-Year-Old Beauty Store Employee Beaten By Robbers Need Heart Transplant Following Brutal Attack, Father Says [03/14/2024]
• Leader of Gwinnett County restaurant robbery crew sentenced to life in prison [03/14/2024]
• PICTURED: Arizona teen Talan Renner whose millionaire dad tried to 'cover up his role' in murder of Preston Lord who was beaten to death outside Halloween party - as cops apologize for giving family court valet for their Tesla [03/14/2024]
• Virginia mother Vanessa Schwartz, 35, is struck and killed on her first night out since birth of her baby after being 'thrown out of Uber on side of highway and stumbling into traffic' [03/14/2024]
• 1 of 2 teens in Sumner shooting, robbery that caused man to lose eye, on house arrest [03/14/2024]
• Metro (OKC) family asks for prayers as teen remains in a coma after heart attack [03/14/2024]

  ---

• Cockpit Mishap Might Have Caused Plunge on Latam Boeing 787: Flight attendant hit a seat switch [03/14/2024]
• Former Horry County police officer 'violently thrown backwards' trying to help pilot after 2021 Socastee crash, lawsuit claims [03/14/2024]

  ---

• 6 eighth graders face criminal charges over 'hateful and racist' online chat: DA [03/15/2024]
• Oakland police see rise in smash-and-grab suspects targeting people sitting in their cars [03/14/2024]
• Berkeley parents raise $40K for private security to patrol campus as university plagued by 'armed robbery spree [03/14/2024]
• Expect the exoneration frenzy in Cook County to continue under Clayton Harris [Chicago] [03/14/2024]

  ---

• Uber says it will suspend services in metro area after Minneapolis vote [03/15/2024]
• Note to Black Lives Matter: Literacy Made Civilization [03/15/2024]
• Lyft, Uber plan to leave Minneapolis after city council forces them to hike driver pay [03/14/2024]
• Black, deaf Google worker who was touted as diversity success story sues tech giant for discrimination [03/14/2024]
• Kobe Bryant memorial riddled with spelling errors to be repaired after more than a month of ridicule from fans (DEI at work) [03/14/2024]

  ---

• Man in Thailand Goes on Rampage in Temple, Dies After Being Impaled by Buddha Statue [03/14/2024]