Roku City used to be a safe and welcoming place filled with picturesque purple sunsets and nostalgia-fueled movie references. Now it’s just a glorified commercial. But this is how most cities evolve, so we shouldn’t be surprised. What is surprising is that the company is not very good at discouraging hackers from taking a quick vacation to Roku City, where they subsequently compromised nearly 15,000 accounts. Gotham sure looks like the preferred fictional city right about now.
The Hollywood Reporter revealed that 15,363 Roku accounts were compromised between December 28, 2023 and February 21, 2024. Filings in California and Maine indicate that hackers obtained login data from another source to try and purchase streaming subscriptions.
A company spokesperson told The Hollywood Reporter:
Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.
Bleeping Computer also reported that the stolen accounts were being sold for as little as $0.50 per account.
While it sounds scary, the company assured customers that the hackers did not gain access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.” It seems like they really just wanted to log in to Hulu and see what Shogun is all about.