Roku has disclosed a data breach affecting over 15,000 users. The service says hackers tried to make purchases using stored account information in some cases.
Roku has disclosed a breach that allowed hackers to gain access to 15,363 accounts and stored credit card information, as first reported by Bleeping Computer. In a notice sent to customers, Roku says hackers obtained login information and tried to purchase streaming subscriptions in a “limited number” of instances. Hackers likely obtained account information exposed in previous data breaches of third-party services, Roku says.
If the account had stored credit card info, hackers could also purchase subscriptions within Roku for services such as Netflix, Max, Paramount Plus, Hulu, Peacock, Disney Plus, and others. Bleeping Computer also found that hackers are selling the stolen information for around 50 cents per account on a hacking marketplace. One saving grace is that the Roku accounts didn’t reveal social security numbers, full payment account numbers, or dates of birth.