ROKU – the company behind the popular Fire TV Stick rival – has admitted that more than 15,000 user accounts have been hacked.
Evidence suggests that hackers obtained credit card information from user accounts on two separate occasions and attempted to make fraudulent purchases.
GettyNot only were financial details exposed, but names, emails and passwords too[/caption]
The company says the first breach occurred last year, and a second attack occurred in February.
Roku added that it has refunded customers who were impacted by wrongful purchases.
Once bad actors gained access to the accounts via their leaked login information, hackers locked out the original customers.
According to Roku, many account holders will not have received email confirmation of fraudulent orders made via the account.
This is because the hackers swiftly changed the account information once they had broken inside.
It is encouraged Roku customers check their bank statements for any fishy purchases.
Not only were financial details exposed, but names, emails and passwords too.
How to keep your accounts secure
It is strongly advised that registered Roku users reset their passwords.
If the password that was leaked in the breach is one used for multiple accounts, then customers should also change the passwords on those accounts as well.
Roku says it required registered owners to reset their passwords while they investigated the wrongful activity – so you may have already done this.
However, it’s important to secure your other accounts too.
It’s also advised to set up two-factor authentication (2FA) on all the accounts you can.
Two-factor authentication is becoming increasingly popular – and is available across Google and WhatsApp accounts too.
It involves users need both a password and a passcode that’s texted to them to access accounts, and avoid hacking.
The breaches were documented in a filing made to the attorneys general’s office for Maine and California on March 8.
Here, Roku explains that the incidents occurred on December 28, 2023 and February 21, 2024.
In response, Roku says it quickly “secured the accounts from further unauthorised access”.
The company will continue to keep a watchful eye out for any more “signs of suspicious activity”.