Hackers have reportedly gained unauthorized access to credit card information from approximately 15,000 Roku accounts, according to a disclosure from the media streaming company. With a user base exceeding 80 million active accounts, Roku has become a prime target for cybercriminals.
The breach notification, submitted to the California Office of the Attorney General, confirmed that the attackers were successful in obtaining credit card data. Roku’s security teams determined that the breach occurred within the Roku Channel and TV operating system, spanning from December 28 of the previous year to February 21 of the current year. However, the breach was only identified in February.
While financial details were compromised in the attack, sensitive personal information such as social security numbers, account numbers, and dates of birth remained secure.
All affected individuals have been notified of the data breach, and Roku is advising its customers to change their passwords and monitor their credit card statements for any suspicious activity.
This incident recalls a similar cyber attack on Plex, a competitor in the streaming content industry, in 2022. In that breach, hackers accessed email addresses, usernames, and hashed passwords of over 30 million users, but no financial information was compromised.
While the exposure of email addresses and passwords can pose long-term risks for users, potentially enabling access to sensitive data like medical records, the exposure of credit card details can directly threaten victims’ financial security if the breach goes undetected or unreported.
