Hackers Are Selling Off Stolen Roku Accounts With Credit Card Details For 50 Cents Each

roku compromised accounts sold online
Account credentials and personal data are hot commodities online, which often going up for sale at low prices so shady characters can move thousands of accounts quickly. This is reportedly what has happened to just over 15,000 Roku customers who had their accounts compromised due to credential stuffing attacks that occurred from December 28th, 2023, to February 21st, 2024. Thankfully, these attacks were detected and eventually halted, but not before threat actors made off with some valid information, allowing malicious data buyers to access the compromised accounts.

On January 4th this year, Roku detected and observed suspicious activity, indicating that some accounts may have been accessed without authorization. This triggered an investigation into the compromise, which found that threat actors were seemingly leveraging third-party sourced breach data and spraying those credentials against Roku to see what would work in a credential-stuffing attack. Of all the accounts attempted, 15,363 people had used the same email and password with Roku and whatever other platform was breached to gain the credentials.

The data breach notice explains that “after gaining access, [threat actors] then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions.” Subsequently, Roku has moved to re-secure the compromised accounts and is stopping any unauthorized purchases or subscriptions made on the account. However, it would seem that Roku’s security team may not have caught some of these accounts, as Bleeping Computer reports that some are still available to purchase online for as low as $0.50 per account.

As such, the breach notice recommends that Roku users review all subscriptions on, and devices linked to, their accounts. Further, using a strong and unique password for accounts is good to prevent this sort of thing from happening elsewhere. If you believe you were compromised, it is also good security hygiene to monitor your credit accounts and other information just in case your identity is stolen or compromised.

(Hero Image Source: Roku)