TLDR:
– Roku data breach affected over 15,000 customers and stored credit cards were used for unauthorized purchases.
– Unauthorized actors gained access to accounts through credential stuffing and attempted to purchase streaming subscriptions.
Article Summary:
Roku, a media streaming company with a large customer base, recently notified over 15,000 customers of a data breach that allowed threat actors to use stored credit cards for unauthorized purchases. The company detected suspicious activity on certain accounts, initiated an investigation, and determined that a limited number of accounts were accessed through login credentials obtained from previous breaches. While the breach did not leak sensitive personal or financial information, stored credit cards were used to attempt unauthorized purchases of streaming subscriptions.
Roku advised customers to change their account passwords, monitor their online accounts and financial statements, and cancel any unwanted subscriptions. The company is taking steps to cancel unauthorized subscriptions and refund any unauthorized charges. While not a top target for cybercriminals, media streaming platforms like Roku sometimes fall victim to cyber-attacks, as seen in a 2022 data breach incident involving Plex.