Roku has issued a warning regarding a recent credential stuffing attack. In this incident, cybercriminals gained access to over 15,000 customer accounts to make fraudulent purchases of services and products. They used stored credit card information to purchase subscriptions and then sold those accounts to other buyers to make fraudulent purchases.
Roku, the TV streaming platform, places great importance on the privacy and security of its customers. As part of this commitment, they have informed us of a cybersecurity incident that impacted multiple customer accounts. The Roku team detected suspicious activity and confirmed that 15,363 accounts were affected by unauthorised access. Cybercriminals attempted to purchase streaming service subscriptions using login credentials obtained from third-party sources. These credentials included usernames and passwords that were not directly related to Roku.
The company investigated to determine the extent of the attack and locate the compromised personal information. It is important to note that the affected accounts used the same username and password combinations on third-party services and their individual Roku accounts. Roku is taking measures to address this issue and safeguard its users in the future.