Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
Leaving Website

You are now leaving and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Hackers Steal Almost 600,000 Account Records of Streaming Service Giant Roku

Cable-TV cord cutters should take steps to protect their data

spinner image roku image on a tv
Tiffany Hagler-Geard/Bloomberg via Getty Images

TV streaming giant Roku disclosed April 12 that around 576,000 additional customers' accounts had been hacked, just about a month after it said more than 15,000 users' data had been compromised.

Last year, Roku said adults 50 and older were watching 40 percent of its total minutes streamed as of May 2022, and that age group was growing faster than any other. 

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

Join Now

During the initial breach, stolen credit card data was used to purchase streaming subscriptions in some cases and stolen account records were sold for as little as 50 cents each, according to the online information security and technology news site BleepingComputer. Roku notified the California Department of Justice on March 8, saying the data breach occurred between Dec. 28 and Feb. 21.

In the latest incident, “there is no indiction that Roku was the source of the account credentials used in these attacks or that Roku’s systems were compromised in either incident,” the company said.

Are you using unique passwords? Hackers will check

The bad guys unleashed what security pros refer to as a “credential stuffing” attack in which they use stolen usernames and passwords from one platform to try to log into accounts elsewhere. The attack can be effective since many consumers reuse the same or similar login credentials across multiple services, considered a security no-no.

The San Jose company is a leading name among cord cutters, who use Roku-branded televisions or plug-in streaming devices to connect to Amazon Prime, Apple TV+, Hulu, Netflix and all the popular streaming services. Roku also operates its own channel with free TV shows and movies.

Just this week, Roku announced a new lineup of Pro Series televisions and a new backlit remote control so customers can use it in the dark.

Back in March, Roku emailed a statement to AARP that said its “security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku).” Roku added that, “in response, we took immediate steps to secure these accounts and are notifying affected customers.” 

As part of that investigation, the company determined that once gaining access to the stolen account credentials, the criminals “changed the Roku login information for the affected individual Roku accounts, and in a limited number of cases, attempted to purchase streaming subscriptions.”

No Social Security numbers, birth dates imperiled, Roku says

Roku claims that the hackers were not able to access customer Social Security numbers, full payment account numbers, dates of birth or other sensitive personal information. It also says it is continuing to monitor for signs of suspicious activity.

The company reset passwords on any accounts where evidence suggested those accounts were part of the breach. To log in after a company password reset, go to and use the Forgot password? option on the sign-in page.

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

Roku is refunding or reversing the charges on accounts where hackers purchased streaming subscriptions or Roku hardware.

“We also want to reassure customers that these malicous actors were not able to access sensitive user information or full credit card information,” Roku said.

Roku has more than 80 million active accounts, so the number of consumers apparently affected is less than 1 percent. Still, given this latest announcement, customers should not assume they evaded the crack in Roku’s security.

What can you do?

As always, practice robust digital security hygiene.

Create strong passwords that are not repeated across any of your other online accounts. Roku recommends a mix of at least eight characters, including numbers, symbols, and upper- and lower-case letters.

Review the subscriptions and devices linked to your Roku account, which you can see on your account dashboard. Periodically review statements for all your accounts.

Remain vigilant and report any suspicious activity to Roku and other companies you do business with.

Contact Roku with questions about the incident by calling 816-272-8106 or emailing

Consider obtaining your credit reports from one or more among Equifax, Experian and TransUnion. You can also obtain a free credit report online at or by calling 877-322-8228.

Think about a credit freeze on your file to prevent new credit cards from being opened in your name.

Report other suspicious activity to the Federal Trade Commission, your state’s attorney general office or law enforcement.

This story, originally published March 12, 2024, has been updated with the news of a second Roku breach.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?