Roku cancels unauthorized subscriptions and provides refunds for 15k breached accounts

Omega Balla
Roku said it canceled unauthorized subscriptions and refunded more than 15,000 accounts after discovering what they called “suspicious activity.”

Roku said it canceled unauthorized subscriptions and refunded more than 15,000 accounts after discovering what they called “suspicious activity.”

The streaming TV giant — which reported $3.4 billion in revenue last year — said that from the end of December to the end of February, hackers used username and password combinations breached from other services to login to user accounts.

“After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions,” the company said in breach notification letters.

“However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”

Roku’s security team said that it notified law enforcement but did not wait for the investigation to conclude before taking action. After identifying potentially impacted Roku accounts, the security team forced password resets and investigated the account activity to determine whether the hackers had made any unauthorized charges.

Any charges that were unauthorized were canceled and users were refunded.

The company did not respond to requests for comment about how they were able to distinguish between legitimate charges and ones connected to hacker activity.

Roku added that it was still investigating the campaign to see whether there is more they can do to protect customers.

The company told regulators in Maine that 15,363 were affected and also filed breach notification documents in California.

Experts have long warned that due to thousands of breaches, millions of username and password combinations are available on the internet, allowing hackers to use automated tools to test them on other platforms. Because password reuse is so prevalent, hackers have little trouble breaching accounts on a variety of platforms.

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

ODNI releases new open-source intelligence strategy with limited details

Next Post

ODNI appoints new election security leader ahead of presidential race

Related Posts

China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration

A previously undocumented threat actor called CeranaKeeper has been linked to a string of data exfiltration attacks targeting Southeast Asia. Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. "The
Avatar
Read More