Roku said it canceled unauthorized subscriptions and refunded more than 15,000 accounts after discovering what they called “suspicious activity.”
The streaming TV giant – which reported $3.4 billion in revenue last year – said that from late December to late February, hackers used combinations of username and passwords breached by other services to log in to user accounts.
“After gaining access, they then changed the Roku login information for the affected individual Roku accounts and, in a limited number of cases, attempted to purchase streaming subscriptions,” the company said in letters violation notification.
“However, access to the affected Roku accounts did not allow unauthorized actors to access social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
Roku’s security team said it notified law enforcement but did not wait for the investigation to conclude before taking action. After identifying potentially affected Roku accounts, the security team forced password resets and investigated account activity to determine if the hackers had made unauthorized charges.
All unauthorized charges have been reversed and users have been refunded.
The company did not respond to requests for comment on how it was able to distinguish between legitimate accusations and those related to hacker activity.
Roku added that it is still investigating the campaign to see if it can do more to protect customers.
The company said Maine regulators that 15,363 were affected and also deposit California Breach Notification Documents.
Experts have long warned that due to thousands of breaches, millions of username and password combinations are available on the Internet, allowing hackers to use automated tools to test them on other platforms . Because password reuse is so prevalent, hackers have no trouble hijacking accounts on various platforms.
Future saved
Intelligence cloud.