Roku reported a data breach that affected over 15,300 accounts, stating that unauthorized actors accessed usernames and passwords likely obtained from third-party sources. These bad actors then changed the login details of compromised accounts, potentially using stored credit card information to sign up for streaming services. The company assured customers that sensitive personal information like Social Security numbers and full payment account numbers were not accessed.
Roku took immediate steps to secure affected accounts and notified impacted customers through a letter. The company’s security team continues to actively monitor for any signs of suspicious activity to ensure customer data remains secure. While the breach occurred between Dec. 28 and Feb. 21, Roku became aware of the incident between Jan. 4 and Feb. 21. Despite this cybersecurity incident, Roku saw an increase in active accounts to 80 million in the fourth quarter, culminating in 29.1 billion hours of streaming within three months.