12 March 2024

Roku data breach exposes 15,000 users to fraudulent purchases


US streaming giant Roku has disclosed a data breach impacting more than 15,000 customers, leading to fraudulent transactions and unauthorized access to accounts. The breach, identified as a credential-stuffing attack, targeted credentials compromised in previous data breaches of third-party services.

According to Roku's official data breach notice, cybercriminals exploited login and password combinations leaked from unrelated third-party breaches to hijack Roku accounts. Because some users employed the same credentials across multiple platforms, threat actors managed to gain access to Roku accounts and change login information and, in some cases, attempted to buy streaming subscriptions.

This breach left thousands of users locked out of their accounts, allowing hackers to exploit stored credit card information to make illicit purchases, all while users received confirmation emails for orders they did not authorize.

Upon discovering the breach in January 2024, Roku took action to secure affected accounts and enforced a mandatory password reset. The company said it conducted a thorough investigation to identify unauthorized purchases, cancel fraudulent subscriptions, and issue refunds to affected users.

The streaming platform assured users that the breach did not compromise sensitive personal data such as social security numbers, full payment account details, or dates of birth. Nevertheless, subscribers have been urged to review their account activity and memberships via the Roku dashboard to ensure the legitimacy of their accounts.

