System breaches are never good news, especially if it was conducted by bad actors. Roku, while claiming that the hack was not direct, found that more than 15,000 accounts were affected by the attack with details being sold online.
(Photo : Rafael Henrique/SOPA Images/LightRocket via Getty Images)
Hacked Roku Accounts for Sale
Roku security team first noticed suspicious activity within its systems which indicated that there might be unauthorized access to some accounts. The company conducted an investigation and found that there was indeed, a breach. Roku immediately took action to prevent further hacker access.
For transparency, Roku announced that it has suffered a breach where hackers gained access to 15,363 accounts. According to the company, it might've been due to a breach of third-party services that are unrelated to Roku.
With the data obtained, the hackers likely performed what's called "credential stuffing," which is the practice where the stolen email and passwords are being used to log into other services. In some cases, the method works as some users use the same credentials.
Once the hackers gain access to the accounts, they would change the login information to gain full control and lock the owner out. In a "limited number of cases," the bad actors would even purchase streaming subscriptions, according to the notification.
Luckily, the breached accounts did not provide the hackers with other private information such as social security numbers, full payment account numbers, dates of birth, and other sensitive information that could cause more harm to the affected users.
Once the issue was identified, the accounts in question were secured from further unauthorized access, resulting in users needing to reset their passwords. If there were charges made by the bad actors, Roku either canceled them or refunded the payments.
Even after the notifications were sent out, the company continued the investigation of the incident to identify the proper course of action. A team in Roku is also currently monitoring other suspicious activities within the system.
The Verge reports that the hackers are selling the stolen information on a hacking marketplace for 50 cents per account. It's still unclear what kind of information was pulled from the hacked accounts, considering what Roku said they failed to acquire.
Read Also: Netflix Subscribers Who Pay Through iTunes Are Being Locked Out
What To Do
If you were among the account holders that were affected in the breach, then you likely have the notice sent to you as well. There are steps you can take to secure your account and make sure that the hackers' access is cut.
For one, you can review the subscriptions and the devices that are linked to your Roku account, making sure that no one else other than the people you authorized is using it. You can check the information through your Roku account dashboard.
Once you're prompted to reset your password, try to create more complicated ones so that hackers won't be able to brute force their way into your account. Try to create one that you haven't used or are currently using in other online accounts as well.
Monitor the activities in your account to make sure that you have pushed out the bad actors from using them, as well as your personal information. Should you find suspicious activity, report it to your account provider immediately so further action may be taken.
Related: Roku Disables TV Unless Users Agree on 'Dispute Resolution Terms'
