Yes. The Roku breach occurred on January 4, 2024, affecting 591,000 records.

What data was exposed in the Roku breach?

Roku's 2024 credential stuffing attacks compromised 591,000 accounts. Learn what happened and how to secure your account.

What should I do if I was affected by the Roku data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

Roku Data Breach

Medium Severity 591,000 records affected Published February 10, 2026

Company	Roku
Breach Date	January 4, 2024
Disclosure Date	April 12, 2024
Records Affected	591,000

In early 2024, Roku disclosed two separate credential stuffing incidents that compromised approximately 591,000 user accounts. Attackers used credentials stolen from other breaches to access Roku accounts, and in some cases made unauthorized purchases.

What Happened

Roku identified two credential stuffing attacks in early 2024. In the first incident disclosed in March, approximately 15,000 accounts were compromised. A second, larger incident revealed in April affected roughly 576,000 additional accounts. Attackers used usernames and passwords obtained from third-party data breaches to log into Roku accounts. In fewer than 400 cases, the attackers made unauthorized purchases of streaming subscriptions or Roku hardware using stored payment methods. Roku clarified that its own systems were not compromised.

What Data Was Exposed

Roku account credentials
Stored payment method information (in some cases)
Streaming subscription details
Account settings and preferences
Purchase history

Who Is Affected

Approximately 591,000 Roku account holders were affected. Users who reused passwords from other breached services were most vulnerable. About 400 accounts had unauthorized purchases made.

How to Check If You Were Affected

Roku notified affected users directly and reset passwords for compromised accounts. If your password was reset by Roku, your account was affected. Log into your Roku account at my.roku.com and review recent activity and purchases. Check HaveIBeenPwned.com to see if credentials you use elsewhere have been exposed in other breaches.

What You Should Do Now

Change your Roku password to a strong, unique password
Enable two-factor authentication on your Roku account
Review your account for unauthorized purchases or subscription changes
Check stored payment methods and remove any you do not actively use
Request refunds for any unauthorized charges through Roku support
Stop reusing passwords across multiple services
Use a password manager to generate unique passwords

Last updated: February 10, 2026