How to know if you've been hacked as Roku accounts are sold on the dark web

Thousands of streaming service accounts belonging to Roku members have been hacked, with them now making their way on to the dark web where they're being offered up for sale.

Last Friday (8 March), the American company issued a letter explaining that more than 15,000 of its members had had their details leaked after data breach at the firm.

What is Roku and what have they said about the hacking?

The company has more than 70 million users across the world, with Roku devices used to stream content from the likes of Netflix, Prime Video, and ITVX.

Confirming the hack, Roku said criminals behind it had tried customers' login details while also trying to buy subscriptions to other streaming services with debit and credit card details stored on accounts.

And in a more sinister development, BleepingComputer reports that accounts are being sold on the dark web for as little as 50 cents (36 pence) each.

Screenshots from one dark web marketplace showed 439 accounts up for grabs, according to the images posted on the website.

Rafael Henrique/SOPA Images/LightRocket via Getty Images

This would then allow whoever buys the account to use the stored card information to make illegal purchases.

How many Roku accounts have been affected?

In total, 15,363 accounts were hacked in what is called a 'credential stuffing attack'. Web developer Cloudflare says this is a 'cyber attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service'.

In a notice confirming the data breach, Roku said: "It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts. As a result, unauthorised actors were able to obtain login information from third-party sources and then use it to access certain individual Roku accounts.

"After gaining access, they then changed the Roku login information for the affected individual Roku accounts, and, in a limited number of cases, attempted to purchase streaming subscriptions."

The company said it was taking the attack 'very seriously'.

Getty Stock Images

How to know if your Roku account was hacked

Roku should have contacted you.

The company said: "When we identified potentially impacted Roku accounts, we secured the accounts from further unauthorised access by requiring the registered account holder to reset the password, we investigated account activity to determine whether the unauthorised actors had incurred any charges, and we took steps to cancel unauthorised subscriptions and refund any unauthorised charge."

Therefore you should have had an email from Roku if you were impacted.

Didn't get one? It's safe to assume your account remains secure but we wouldn't blame you if you wanted to change your details anyway.