
Roku says 15,000 accounts affected by external data breach

Some Roku usernames and passwords were used by hackers following a cybersecurity incident at an unrelated company, Roku says.


An office building at the San Jose, California campus of streaming television technology developer Roku. (Photo via Google Street View)

Roku is warning more than 15,000 streamers that their usernames and passwords appeared in a data breach affecting a separate company.

In a letter filed with officials in California and Maine this week, Roku says it has begun notifying affected users that their passwords were located in a data dump involving an unknown third-party company.

Roku itself was not the target of a cybersecurity breach, but some hackers gained access to certain Roku user accounts by using the usernames and passwords that were disclosed in the security incident affecting the other company. Roku became aware of the matter last December when its security team flagged logins that came from suspicious devices and locations, and further investigation led them to the data dump that contained a cache of usernames and passwords used by their customers.

In some cases, hackers were able to gain access to a customer’s Roku account using the compromised username and password and, in a few instances, hackers tried to purchase streaming subscriptions through the Roku website by using a credit card stored on file, the company said.

The security website Bleeping Computer suggested hackers were able to infiltrate Roku customer accounts because the company did not implement two-factor authentication (2FA) or a secondary login step. It added that compromised Roku accounts didn’t just give hackers the ability to purchase streaming services; they also allowed hackers to buy Roku hardware like streaming sticks, sound bars and light strips, which are sold through the Roku website. Hackers who were able to make purchases shared their receipts on Telegram channels, where credentials were re-sold to others.

“We took immediate steps to secure these accounts and are notifying affected customers,” a Roku spokesperson said in a statement. “Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.”

Roku says it secured the accounts of affected customers, so those with compromised credentials could no longer make changes or otherwise access their accounts. The company is also working with a law enforcement agency to further investigate the matter.

Affected Roku users should take certain steps to secure their accounts, including changing their passwords by using the “Forgot Password?” feature on the Roku website and choosing a password that is different from those used on other platforms.

Anyone with questions about the Roku security incident is asked to call the company at 1-816-272-8106 or reach out by email at [email protected].



About the Author:

Matthew Keys

Matthew Keys is a nationally-recognized, award-winning journalist who has covered the business of media, technology, radio and television for more than 11 years. He is the publisher of The Desk and contributes to Know Techie, Digital Content Next and StreamTV Insider. He previously worked for Thomson Reuters, the Walt Disney Company, McNaughton Newspapers and Tribune Broadcasting.