Roku Faces Another Major Security Breach of 2024 Impacting Over 500,000 Users

Maryan Duritan
Maryan Duritan
IT Writer
Last updated: May 10, 2024
Why Trust Us
Our editorial policy emphasizes accuracy, relevance, and impartiality, with content crafted by experts and rigorously reviewed by seasoned editors for top-notch reporting and publishing standards.
Purchases via our affiliate links may earn us a commission at no extra cost to you, and by using this site, you agree to our terms and privacy policy.

Roku, the streaming platform has reported yet another security breach, its second big incident of the year, affecting around 576,000 customers. This recent breach saw hackers gaining unauthorized access to a significant number of Roku user accounts.

Second major security breach

Roku has recently confirmed a significant security breach, impacting around 576,000 user accounts. This breach, which involved a technique known as credential stuffing, occurred when hackers used usernames and passwords previously stolen from other data breaches. They then applied these credentials to gain unauthorized access to Roku accounts.

The hackers were able to get into Roku’s systems and see information about users’ accounts, such as payment methods. Hackers used this data breach to buy streaming service subscriptions and Roku streaming players without the owner’s knowledge. Roku found unauthorized activities in around 400 cases including the usage of partial credit card numbers.

Roku reassured its users that even though the breach was significant, it didn’t do too much damage. The hackers didn’t get full credit card numbers, addresses, or other very private information about people. The company is currently taking steps to improve security and stop hacks from happening again.

Credential stuffing hack

hacker with the computer, with purple color

Hackers employ a technique known as credential stuffing. Using stolen usernames and passwords from other hacks is one way to get into different services without permission. Roku suspects that these credentials may have been leaked by third-party sources. This is not the first time that Roku has been attacked in this way. In March, hackers got into the accounts of 15,000 users and stole their payment information.

Because of the most recent hack, Roku has taken steps to protect user accounts. The company has reset the passwords for the accounts that were hacked. Roku also promised to refund or undo any transactions that were made without the affected users’ permission using their payment methods.

Roku’s previous security breach

In a prior breach, reported by Bleeping Computer, Roku disclosed that 15,363 accounts had been compromised. The breach exposed credit card information, resulting in unauthorized purchases of streaming subscriptions on sites such as Netflix, Hulu, and Disney+.

Hackers also got into these accounts by using “credential stuffing.” Once they were inside, the attackers changed the login information, which gave them full control of the accounts and let them make deals without permission. It was also reported that on the dark web, the information of these hacked accounts was being sold for as little as 50 cents each.

Roku introduces two-factor authentication for all users

Two-factor authentication (2FA) is a big step that Roku has taken to make its 80 million active accounts safer. This measure is now used by all of its users, not just those who were directly affected by the recent breach. Users will get a verification link from the company that will tell them how to set up this extra security measure.

Roku wants to make it harder for people to get in without permission, especially by using methods like credential stuffing. This is why they are adding an extra step to the login process. This improvement is part of Roku’s larger plan to improve its security procedures and better shield user data from possible cyber threats.

Strengthening digital security

Recent security issues with Roku accounts show how important it is to have strong digital security. Even though these breaches were controlled, they show how important it is to be careful when keeping your digital assets safe.

Roku recommends the following steps to help keep your account safe:

  • Make your password strong: You must use at least eight characters, which should include numbers, symbols, letters, and capital and small letters. 
  • Stay alert: Be wary of messages that look like they came from Roku that you don’t trust. Contacting Roku Customer Support directly is always the best way to make sure that requests for personal information are real.
  • Keep up-to-date: Check your Roku emails often, log in to your account to see what charges you have, and read Roku’s blog and help pages for the latest security updates.

You can better protect your account from possible threats if you follow these tips. For more details on keeping your Roku account secure, refer to Roku’s support page.

In short

Roku has revealed that there was another major security breach that affected 576,000 users. This is the second such incident in 2024. The breach, which mostly happened because of “credential stuffing,” allowed unauthorized access to user accounts without permission and led to fraudulent purchases. Hackers got in by using stolen passwords and taking advantage of multiple accounts’ weak security. As a response, Roku reset the passwords for the accounts that were breached, promised to refund any purchases that were made without permission, and made two-factor authentication mandatory for all users to improve security and stop future hacks. The breach makes it clear that digital security is still not completely safe and that strong protections are needed.

Posted in :

Related terms

Related articles

About XPS's Editorial Process

XPS's editorial policy focuses on providing content that is meticulously researched, precise, and impartial. We adhere to rigorous sourcing guidelines, and every page is subject to an exhaustive review by our team of leading technology specialists and experienced editors. This method guarantees the integrity, pertinence, and utility of our content for our audience.

Maryan Duritan
Maryan Duritan
Maryan Duritan, a seasoned U.S.-based copywriter and SEO specialist, excels in making complex ideas accessible. She crafts compelling website content, blogs, articles, ebooks, press releases, and newsletters, tailoring tone and voice to match client goals and audience needs. Her creative precision transforms ideas into impactful content.

Why Trust Us

Our editorial policy emphasizes accuracy, relevance, and impartiality, with content crafted by experts and rigorously reviewed by seasoned editors for top-notch reporting and publishing standards.

Purchases via our affiliate links may earn us a commission at no extra cost to you, and by using this site, you agree to our terms and privacy policy.

Latest articles

Most popular

Latest articles

Popular categories

Artificial intelligence

Artificial Intelligence (AI) is a branch of computer science focused on creating systems that emulate human intelligence.


Cryptocurrency is a digital currency secured by cryptography and operates without a central authority.


Latest developments in technology, including new gadgets, software updates, industry trends, and breakthroughs in science and innovation.


Covers updates and developments in the video game industry, including new game releases, updates, reviews, and events.


Cybersecurity is protecting computer systems and data from digital attacks and unauthorized access.


Provides updates on financial markets, stock performances, economic trends, and investment strategies.


Updates on VPN technology, security features, service providers, privacy issues, and changes in regulations affecting VPN usage.


Networking connects computers and devices to share resources and information using hardware and software.