Major U.S. streaming TV service provider Roku had accounts from 15,363 customers compromised following a credential stuffing attack between late December and late February, according to The Record, a news site by cybersecurity firm Recorded Future.
After achieving initial account access through username and password combinations stolen from previous data breaches, threat actors proceeded to modify Roku login details, while some of the impacted accounts were subjected to streaming subscription purchase attempts, said Roku in breach notification letters. "However, access to the affected Roku accounts did not provide the unauthorized actors with access to social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification," said Roku, which also proceeded to implement forced account resets and refund affected accounts while canceling unauthorized charges. No further details were provided on how the illicit charges were identified.