Roku Discloses Data Breach: 15,000 Accounts Compromised

The streaming platform Roku has suffered a data breach, with more than 15,000 accounts compromised.

The company — which has more than 80 million active accounts — revealed the breach in filings with the state attorney generals of Maine and California on Friday. The filings indicate that 15,363 accounts were compromised between Dec. 28, 2023, and Feb. 21, 2024.

More from The Hollywood Reporter

Rather than a hacker breaking into Roku’s system, the filings indicate that the accounts were compromised by hackers that obtained login data from other sources.

“Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku),” a company spokesperson told The Hollywood Reporter. “In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.”

The company, in a letter sent by mail to impacted accounts, said that the hackers, “in a limited number of cases,” used the accounts to try and purchase streaming subscriptions.

“Unauthorized actors separately obtained, from third-party sources that are unrelated to Roku, login information (combinations of sign-in email addresses and passwords) that they then used to access certain individual Roku accounts,” the letter continues. “However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”

Bleeping Computer, which first reported on the breach, wrote that actors were selling the stolen account credentials for as little as $0.50 each.

Best of The Hollywood Reporter