Roku Customers Advised to Check Credit Card Statements After Data Breach

More than 15,000 accounts were hacked in a credential stuffing attack that saw stored credit cards used for purchases.

If you have a Roku account, you might want to check your credit card statement, as the streaming service was reportedly breached, with accounts being used to make purchases.

The online world has become inundated with security breaches over the last few years, with everything from user data to financial information being compromised. The culprit is typically lax security on the part of big corporations, resulting in customers being at risk.

This appears to be the case for Roku, with a security breach leading to some serious consequences for its many users.

Roku Accounts Hacked in Breach

According to a security breach notice from Roku, the company was breached at the beginning of the year, giving hackers access to more than 15,000 user credentials. Even worse, the credentials were then sold to third-party services for as little as $0.50 per account.

The hackers in question then used a credential stuffing attack to gain access to accounts, where they were privvy to passwords, email addresses, and shipping addresses. Fortunately, they didn’t get everything.

“However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” – Roku breach notification

Still, access to the accounts allowed hackers to make purchases on the account with stored credit card information, which resulted in fraudulent charges being found on account holder statements.

What Is a Credential Stuffing Attack?

A credential stuffing attack is a kind of cyber-attack that typically follows a security breach that sought to steal user credentials from a particular service. It describes the practice of using the stolen credentials to spam the service in question to gain access to accounts.

It’s a bit more complicated than just a person inputting stolen information, though. In most cases, the process is automated, with a bot being fed the stolen user information and having it try to login in with it as often as possible.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

More frustrating is the fact that, because credential stuffing attacks use legitimate user information to access accounts, there aren’t a lot of indicators that the account has been hacked, leading to even more lost data and money.

Check out our online safety guide for more information about hacks

How to Protect Yourself Online

Security breaches like this are frustrating, because there isn’t a lot that individual users can do to protect themselves. This breach is largely the fault of Roku, and it allowed hackers to access thousands of user records, which were then used to steal financial information and make purchases. Even worse, Roku doesn’t allow for two-factor authentication, so you wouldn’t have been able to secure your account any further to keep this from happening.

However, you can take steps to be safer online, even if it won’t save you every time. Password managers are a good place to start, allowing you to store all your credentials in an encrypted vault. They aren’t infallible, of course, but they can help you shore up your online security with complex, unique passwords across your dozens, if not hundreds, of accounts.

The reality is, though, that additional security measures like two-factor authentication are the best way to keep these kinds of attacks at bay. Subsequently, our recommendation for avoiding hacks in the future is to avoid services that don’t allow you to enable the advanced security measure. Otherwise, you’re at the whim of companies like Roku who clearly don’t value your online privacy enough to offer proper security protocols.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals