Roku cancels unauthorized subscriptions and provides refunds for 15k breached accounts

Roku said it canceled unauthorized subscriptions and refunded more than 15,000 accounts after discovering what they called “suspicious activity.”

The streaming TV giant — which reported $3.4 billion in revenue last year — said that from the end of December to the end of February, hackers used username and password combinations breached from other services to log in to user accounts.

“After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions,” the company said in breach notification letters.

“However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”

Roku’s security team said that it notified law enforcement but did not wait for the investigation to conclude before taking action. After identifying potentially impacted Roku accounts, the security team forced password resets and investigated the account activity to determine whether the hackers had made any unauthorized charges.

Any charges that were unauthorized were canceled and users were refunded.

The company did not respond to requests for comment about how they were able to distinguish between legitimate charges and ones connected to hacker activity.

Roku added that it was still investigating the campaign to see whether there is more they can do to protect customers.

The company told regulators in Maine that 15,363 were affected and also filed breach notification documents in California.

Experts have long warned that due to thousands of breaches, millions of username and password combinations are available on the internet, allowing hackers to use automated tools to test them on other platforms. Because password reuse is so prevalent, hackers have little trouble breaching accounts on a variety of platforms.
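As an added illustration (not code from the article, Roku, or Recorded Future), the Python below shows two defender-side checks for the pattern described here: a source address spraying many distinct usernames with a high failure rate, and an account whose login from a new address is quickly followed by a change to its login details. The event format, addresses, usernames and thresholds are constructed assumptions, not real telemetry.

```python
"""Flag credential-stuffing patterns in a constructed stream of auth events.

Heuristic 1: a source IP that tries many distinct usernames, mostly failing.
Heuristic 2: an account whose first successful login from an IP is followed
             within minutes by a change to its email or password.
Event layout and thresholds are assumptions for this example only.
"""
from collections import defaultdict

# Constructed sample events: (minute, source_ip, username, event, result)
EVENTS = [
    (0, "203.0.113.9", "alice", "login", "fail"),
    (0, "203.0.113.9", "bob", "login", "fail"),
    (1, "203.0.113.9", "carol", "login", "success"),
    (1, "203.0.113.9", "dave", "login", "fail"),
    (2, "203.0.113.9", "erin", "login", "fail"),
    (3, "203.0.113.9", "carol", "change_email", "success"),
    (5, "198.51.100.4", "frank", "login", "fail"),
    (6, "198.51.100.4", "frank", "login", "success"),
    (40, "198.51.100.4", "frank", "change_email", "success"),
]

def stuffing_sources(events, min_users=5, min_fail_rate=0.6):
    """Return IPs that spray many distinct usernames with a high failure rate."""
    users, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, event, result in events:
        if event != "login":
            continue
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += int(result == "fail")
    return sorted(ip for ip in users
                  if len(users[ip]) >= min_users
                  and fails[ip] / total[ip] >= min_fail_rate)

def takeover_candidates(events, window_min=10):
    """Return accounts whose first successful login from an IP is followed
    within window_min minutes by a login-detail change from that same IP."""
    first_seen = {}   # (user, ip) -> minute of first successful login
    flagged = set()
    for minute, ip, user, event, result in sorted(events):
        if result != "success":
            continue
        if event == "login":
            first_seen.setdefault((user, ip), minute)
        elif event in ("change_email", "change_password"):
            seen = first_seen.get((user, ip))
            if seen is not None and minute - seen <= window_min:
                flagged.add(user)
    return sorted(flagged)
```

In the sample data the spraying address is flagged by the first check, and only "carol" (login details changed two minutes after a login from the spraying address) is flagged by the second; "frank" falls outside the default window.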

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.