Roku, the popular TV streaming platform, has become the latest victim of a significant data breach, affecting 15,363 users across the United States, particularly in California and Maine. The breach, which took place from December 28, 2023, to February 21, 2024, saw cybercriminals hijacking Roku accounts to make unauthorized streaming subscription purchases. The hackers exploited login/password combinations previously leaked in third-party service hacks, targeting users who reused their credentials across multiple sites.Upon discovering the account hijackings in January, Roku promptly identified and secured the affected accounts, resetting passwords and canceling any unauthorized subscriptions. Additionally, refunds were issued for fraudulent purchases. Despite the breach, Roku assures that no sensitive payment data, birth dates, or Social Security numbers were compromised. The company has heightened its monitoring for suspicious activity to protect customer data.Interestingly, the breach disclosure follows closely on the heels of Roku introducing new dispute-resolution terms, requiring users to opt-in to continue using their devices. This move has sparked discussion, although Roku clarifies that the data breach disclosure is unrelated to these terms. The incident underscores the ongoing challenges of digital security and the importance of using unique passwords for online accounts. However, concerns have been raised about Roku's lack of two-factor authentication options, which could enhance security against such breaches.