If you use a Roku account, make sure you secure it: Hackers recently targeted over 15,000 users of the TV streaming platform to buy unauthorized subscriptions.
On Friday, Roku notified authorities in California and Maine about the data breach, which ensnared 15,363 US residents.
The hackers targeted Roku users from Dec. 28, 2023, to Feb. 21, 2024. According to the company’s data breach notice, the cybercriminals likely hijacked the Roku accounts by using login/password combinations leaked from previous hacks at third-party services.
Since some users like to use the same login/password combinations across multiple websites, the leaked credentials gave the hackers a way to break into the affected Roku accounts. “After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions,” the company said.
BleepingComputer adds that the hackers were likely taking over the Roku accounts with the goal of selling access to them for as little as $0.50. In exchange, buyers could use the accounts to make fraudulent purchases, including Roku streaming devices and peripherals.
Roku discovered the hijacking in January. In response, the company identified the affected accounts, reset their passwords, and canceled the purchased streaming subscriptions, if any were made. The company also issued refunds for unwanted purchases.