Roku Data Breach: 15,000 Compromised Accounts Sold for 50 Cents Each

A sign is posted in front of the Roku headquarters in San Jose, Calif. on Feb. 18, 2022. (Justin Sullivan/Getty Images)
Jessamyn Dodd
3/12/2024
Updated: 3/13/2024

Roku revealed that a breach compromised 15,363 streaming user accounts, stating that unauthorized individuals accessed these accounts.

These hackers, according to a filing with the Maine Attorney General’s Office on Friday, March 8, aimed to profit from their actions. The hackers were peddling stolen account credentials for as little as $0.50 each, enabling buyers to utilize stored credit cards for illicit transactions, as reported by Bleeping Computer.

Roku is a leading digital media and streaming content provider known for its range of products, including streaming sticks, boxes, home automation kits, sound bars, light strips, and TVs equipped with its proprietary operating system. The platform enables users to access popular streaming services such as Netflix, Hulu, and Amazon Prime Video.

In response to the breach, Roku took measures to safeguard the affected accounts, requiring registered users to reset their passwords. The company also conducted a thorough investigation into account activity to identify and rectify any unauthorized charges or subscriptions.

Although over 15,000 accounts were compromised, this represents only a fraction of Roku’s extensive user base, which stood at 80 million active accounts by the end of 2023. Roku beat Wall Street’s fourth-quarter revenue forecasts, boasting over 80 million active accounts globally and streaming over 100 billion hours in 2023. Despite this, shares fell as the company warned of tough times ahead in media and entertainment spending for 2024. Q4 revenue reached $984.4 million, up 14 percent, with a net loss of $78.3 million, or 55 cents per share, compared to a $237.1 million loss the previous year. Analysts had expected revenue of $968.2 million and a net loss of 54 cents per share. Roku’s guidance for Q4 was revenue of $955 million and a net loss of $85 million.

In a communication addressed to affected users, Roku emphasized its dedication to user privacy and security. The company alerted customers to the breach and assured them of its commitment to protecting their information.

“We take our viewers’ privacy and security seriously and, as part of our commitment to those values and protecting your information, we are writing to notify you about a recent event that may have affected your Roku account,” the statement read.

According to Roku’s notification to customers, suspicious activity was detected by their security team, indicating potential unauthorized access to certain accounts. Investigation revealed that the perpetrators likely obtained usernames and passwords from third-party sources unrelated to Roku. These credentials were then used to access individual Roku accounts, where login information was altered, and in some cases, attempts were made to purchase streaming subscriptions.

“It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts.”

Importantly, Roku clarified that the breached accounts did not expose sensitive personal information such as Social Security numbers or full payment account details.

To address customer concerns, Roku advised affected users to reset their passwords through their website and provided additional guidance on creating secure passwords.

This incident underscores the ongoing challenges companies face in safeguarding user data and highlights the importance of robust security measures to protect against unauthorized access.

Jessamyn Dodd is an experienced TV news anchor, reporter, and digital journalist covering entertainment, politics, and crime.