Roku Data Breach
| Company | Roku |
|---|---|
| Breach Date | January 4, 2024 |
| Disclosure Date | April 12, 2024 |
| Records Affected | 591,000 |
In early 2024, Roku disclosed two separate credential stuffing incidents that compromised approximately 591,000 user accounts. Attackers used credentials stolen from other breaches to access Roku accounts, and in some cases made unauthorized purchases.
What Happened
Roku identified two credential stuffing attacks in early 2024. In the first incident disclosed in March, approximately 15,000 accounts were compromised. A second, larger incident revealed in April affected roughly 576,000 additional accounts. Attackers used usernames and passwords obtained from third-party data breaches to log into Roku accounts. In fewer than 400 cases, the attackers made unauthorized purchases of streaming subscriptions or Roku hardware using stored payment methods. Roku clarified that its own systems were not compromised.
What Data Was Exposed
- Roku account credentials
- Stored payment method information (in some cases)
- Streaming subscription details
- Account settings and preferences
- Purchase history
Who Is Affected
Approximately 591,000 Roku account holders were affected. Users who reused passwords from other breached services were most vulnerable. About 400 accounts had unauthorized purchases made.
How to Check If You Were Affected
Roku notified affected users directly and reset passwords for compromised accounts. If your password was reset by Roku, your account was affected. Log into your Roku account at my.roku.com and review recent activity and purchases. Check HaveIBeenPwned.com to see if credentials you use elsewhere have been exposed in other breaches.
What You Should Do Now
- Change your Roku password to a strong, unique password
- Enable two-factor authentication on your Roku account
- Review your account for unauthorized purchases or subscription changes
- Check stored payment methods and remove any you do not actively use
- Request refunds for any unauthorized charges through Roku support
- Stop reusing passwords across multiple services
- Use a password manager to generate unique passwords
Last updated: February 10, 2026