Roku data breach compromises 15,363 accounts. Here's what to know

In certain cases, the hackers accessed accounts' stored financial information and purchased subscriptions.

More than 15,000 Roku accounts were compromised in a data breach that, in some cases, gave "unauthorized actors" access to customers' stored financial information.

The company disclosed the attack in filings with the Maine and California attorney generals' offices Friday, noting it discovered and investigated the breach from Jan. 1 to Feb. 21. However, the breach began on Dec. 28, 2023.

In a notice to impacted customers, Roku said hackers had seemingly obtained thousands of logins from third-party sources where the same username and password combinations were used. That means it wasn't a hack on the Roku system itself but was likely the result of hackers finding credentials exposed in other company data breaches and checking for the same login uses on Roku.

After gaining access, the company said the hackers changed the affected customers' login information and attempted to purchase streaming subscriptions with the stored credentials in certain cases.

Bleeping Computer, which first reported the breach, said the financial information wasn't just taken to purchase a Netflix account, though. The publication says it found hackers were selling some stolen information for as little as $0.50 per account on a hacking marketplace, giving buyers access to the stored financial data on each profile.