Massive Roku security incident compromises over 500,000 accounts — what to do now

A Roku remote in hand in front of a TV with the Roku home page.
(Image credit: Tom's Guide)

Following a recent data breach, Roku has now revealed that it has discovered even more compromised accounts online and this time around, with over half a million users are affected.

Last month, the streaming giant announced that as many as 15,000+ customers could have had their passwords, usernames and credit card information stolen by hackers. To make matters worse, the hackers responsible then used these stolen credentials to buy access to other streaming platforms as well streaming gear from Roku’s website. From there, they then went on to sell the stolen Roku accounts they acquired for $0.50 a pop on the dark web.

According to a new blog post from the company, the hackers used credential stuffing as a means to gain access to these now compromised accounts. This is one of the main reasons why you want to avoid password reuse at all costs.

Now though, Roku has provided new information on how it identified a second incident in which approximately 576,00 additional accounts were also compromised. Here’s everything you need to know along with some helpful tips on how you can keep your own Roku account safe from hackers.

Proactive instead of reactive

With major data breaches and other security incidents, most companies tend to only take action once their brand or customers are at risk. However, Roku took a different approach following its recent security incident.

While investigating last month’s security incident, the company discovered another similar occurrence in which 500k+ additional accounts were compromised by hackers. Just like with the first one, Roku’s investigation showed that there was “no indication that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident.”

Instead, the credentials used in both attacks were likely taken from another source, perhaps from a previous data breach or even a data leak. Roku thinks that once again, password reuse is to blame. As for the hackers responsible for this second security incident, they also used their newly acquired Roku accounts to make unauthorized purchases of streaming services and streaming hardware.

Fortunately though, they didn't gain access to any sensitive financial information like full credit card numbers from these stolen accounts.

How to keep your Roku account safe from hackers

A woman looking at a smartphone while using a laptop

(Image credit: Shutterstock)

If you’re a Roku user like myself, the news of what seems to be two back-to-back security incidents might have you concerned about your own account. Good thing there are some easy steps and precautions you can take right now to protect your Roku account.

The company has already reset the password for all of the affected accounts and it has also begun notifying customers directly about this incident. Likewise, Roku is refunding or reversing any charges made to a small number of accounts by unauthorized hackers. 

At the same time, the company has enabled two-factor authentication (2FA) for all Roku accounts, including those that aren’t affected by this incident. As such, the next time you log into your account you will need to find a verification link in your email before you can access it. 

If you’re still concerned about your Roku account though, you’re going to want to make sure that you are using a strong and unique password for it. While you can come up with one on your own or use a free password generator online to make one, all of the best password managers include this functionality plus they let you safely and securely store all of your passwords in one place.

Even though Roku has taken plenty of action on its end, you still want to carefully check your account as well as your bank statements for any suspicious activity. There could also be a chance that the hackers responsible try to use the information they’ve stolen to launch targeted phishing attacks. For this reason, you want to be very careful when opening or interacting with any emails purporting to come from Roku. Make sure to check the sender’s address to see if it’s genuine or not and you also want to avoid clicking on any links or downloading any attachments emails claiming to come from Roku may contain.

We’ll likely hear more about this incident from Roku once it completes its second investigation. In the meantime, though, stay vigilant online and contact Roku’s customer support department directly if you’re worried about whether or not an email from the company is legitimate.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.