On Friday, March 8, Roku notified over 15,000 users that their accounts had been breached by hackers.
Roku explained in the letter that the hackers likely obtained user data from other data breaches and used leaked username and password combinations to access Roku accounts. After gaining access to the Roku accounts, the hackers changed login details and, in some instances, tried to purchase streaming subscriptions with the stored credit card information.
Thankfully, Roku said, “access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
As for what the company is doing, Roku said that it required all affected customers to reset their account passwords, investigated account activity to see if the hackers had incurred any charges, and canceled or refunded the unauthorized charges it discovered.
That means if you were affected by the hack, Roku will have already notified you via email. If you didn’t receive an email, you seemingly have nothing to worry about.
According to BleepingComputer, there's more to this hack than Roku is letting on. Sources have told the website that hackers are also selling the compromised accounts on stolen-account marketplaces for as little as 50 cents each. BleepingComputer even shared a screenshot of one such marketplace where 439 hacked Roku accounts were still in stock.
Whether or not you received the notification about your account being impacted by this breach, it’s probably a good idea to change your password if you have a Roku account.
This has been a notably tumultuous month for Roku. The company recently came under fire for disabling access to its TVs and streaming devices until users agreed to new Dispute Resolution Terms. Worst of all, the only way to opt out is to physically mail a letter to its offices.