Hackers hijack 15,000 Roku accounts and place orders on stolen credit cards — how to check if you're affected

The trademark Roku homescreen shown on a flatscreen television. Roku, which competes with Fire TV and Chromecast, brings streaming services, games, and other popular apps to any television via the HDMI port

ROKU PRESS OFFICE
Aaron Brown

By Aaron Brown


Published: 14/03/2024

- 09:15

Updated: 14/03/2024

- 09:15

Cybercriminals gained access to thousands of accounts using a "credential stuffing" attack

  • Roku has confirmed 15,363 accounts were compromised by hackers
  • Saved payment details were used to make unauthorised purchases
  • Hackers sold access to the stolen accounts for as little as $0.50 online
  • Roku has reset password for accounts under attack from scammers

Roku has suffered a cyberattack, with thousands of accounts breached by criminals.

Over 15,000 accounts have been accessed by scammers — enabling them to place orders with the credit card numbers stored with Roku. Fraudulent charges were racked up on streaming subscriptions as well as new hardware, Bleeping Computer reports.


According to Roku, a total of 15,363 accounts have been compromised in this latest credential stuffing attack. The latter refers to a scam when cybercriminals collect credentials exposed in recent data breaches and then use these leaked email address and password combos to attempt to log in to other websites and online services. In this case, hackers attempted to access Roku.com.

Credential stuffing is the reason that security experts warn you to never use the same password for multiple accounts. If one of these services suffers a breach, hackers could access dozens of others.

Once hackers have gained access to your account, they’re able to change critical information — like passwords, email addresses, and shipping addresses. This can be used to lock-out account owners.

In a “limited number” of cases, these Roku accounts had credit or debit card details saved in the account profile, enabling scammers to start spending, Roku has admitted. If the password has already been changed, account owners will be left unable to log in and halt the attack.

If you've saved payment details with your Roku account, hackers could purchase subscriptions to popular streamers like Netflix, Disney+, Paramount+, and others, within Roku.

According to Bleeping Computer, hackers who accessed Roku accounts with payment details have sold this stolen information for around $0.50 per account on a Dark Web marketplace.

Roku confirmed the attack in a data breach notice.

It reads: “Roku’s security team recently observed suspicious activity indicating that certain individual Roku accounts may have been accessed by unauthorized actors.

“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts.

“After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.”

Roku says it has now secured the hacked accounts by asking the legitimate account owners to reset their passwords. It’s currently working to cancel and refund unauthorised purchases made by scammers.

The streaming brand is encouraging all Roku account owners to...

  • Review the subscriptions and the devices linked to your Roku account. You can access that information from your Roku account dashboard
  • Always use a strong unique password for each of your online accounts
  • Remain vigilant against incidents of identity theft and fraud by monitoring your account activity, account statements, credit reports, and other online account information for suspicious activity and to report any suspicious activity promptly to your account provider or other applicable institutions

You may like