Date: 2024-03-12

Key Takeaways

Over 15,000 Roku accounts were breached due to credential stuffing, not strictly the fault of Roku itself.

If you received an email urging you to change your password, do it immediately for account security.

Using a password manager can prevent unauthorized access to your accounts by generating secure passwords.

Have you used Roku in the past? If so, did you use the same password for the service as you do for other online accounts? If you did, you might want to double-check those accounts. Over 15,000 Roku accounts have been breached, and the hackers have been selling the accounts online for as little as $0.50 each.

Roku users suffer account leaks due to credential stuffing

As reported by Bleeping Computer, 15,363 Roku accounts were leaked online and sold for others to use. However, before you direct your ire at Roku itself, it's worth noting that these accounts were leaked through what's called "credential stuffing." This is when a hacker takes previously leaked account credentials and tries them on other platforms in hopes that they score a hit. It mostly affects people who use the same username and password on every website; once a hacker gets their hands on those credentials, they become a "skeleton key" for that user's accounts across the web.

In the data breach notice, Roku goes into detail on what these hackers were doing with the details:

"As a result, unauthorized actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts. After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions."
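For service operators, the pattern described above (one source trying many leaked logins, then changing credentials or attempting a purchase on the accounts that open) can be looked for in authentication logs. The following is an added example, not code from Roku or the original article; the event names, log layout, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real data): (timestamp_s, source_ip, account, event)
EVENTS = [
    (0,   "203.0.113.7",   "alice@example.com", "login_fail"),
    (2,   "203.0.113.7",   "bob@example.com",   "login_fail"),
    (4,   "203.0.113.7",   "carol@example.com", "login_ok"),
    (6,   "203.0.113.7",   "dave@example.com",  "login_fail"),
    (8,   "203.0.113.7",   "erin@example.com",  "login_fail"),
    (30,  "203.0.113.7",   "carol@example.com", "credential_change"),
    (45,  "203.0.113.7",   "carol@example.com", "purchase_attempt"),
    (100, "198.51.100.20", "frank@example.com", "login_fail"),
    (110, "198.51.100.20", "frank@example.com", "login_ok"),
    (500, "198.51.100.20", "frank@example.com", "credential_change"),
]

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.3):
    """Sources that try many distinct accounts and mostly fail (assumed thresholds)."""
    tried, ok = defaultdict(set), defaultdict(set)
    for _, ip, account, event in events:
        if event in ("login_ok", "login_fail"):
            tried[ip].add(account)
            if event == "login_ok":
                ok[ip].add(account)
    return {ip for ip, accts in tried.items()
            if len(accts) >= min_accounts
            and len(ok[ip]) / len(accts) <= max_success_ratio}

def takeover_candidates(events, window_s=600):
    """Accounts where a flagged source logged in, then changed credentials
    or attempted a purchase within window_s seconds of that login."""
    bad = stuffing_sources(events)
    login_at = {}
    flagged = defaultdict(list)
    for ts, ip, account, event in sorted(events):
        if ip not in bad:
            continue  # a user who mistypes once and then logs in is not flagged
        if event == "login_ok":
            login_at[(ip, account)] = ts
        elif event in ("credential_change", "purchase_attempt"):
            start = login_at.get((ip, account))
            if start is not None and ts - start <= window_s:
                flagged[account].append(event)
    return dict(flagged)
```

Accounts returned by `takeover_candidates` are the ones to prioritize for a forced password reset and a review of recent purchases.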

The importance of using a different password for each website

Roku went on to state that it forced a password reset on every breached account. As such, if you receive an email from Roku stating you should change your password, be sure to do so with a brand new password you don't use elsewhere. Also, double-check your bank statements to ensure a hacker didn't purchase a subscription without your knowledge. And if you did use your Roku password on your other accounts, you should change those ASAP before a hacker uses credential stuffing to breach those, too.

In the future, you can avoid this problem by using a password manager. These can generate secure passwords for you and store them so you don't need to remember them all. That way, if someone does get their hands on one of your accounts, they can't re-use the password to unlock your other accounts.