If history is anything to go by, the initial report is often the tip of the iceberg.
I wouldn’t be surprised if they announce next month that oh, actually, all 80 million were compromised.
And then they’ll come back a month later and say “oh, and another 500 million users, who don’t have an account with us and didn’t even know we were tracking them, yeah they were also compromised”.
Of course, that doesn’t happen every time, but it’s pretty common. I wouldn’t trust Roku to fully know what’s going on yet. There’s a good chance they are assuming it was credential stuffing but don’t actually have proof of that. Hackers usually try to cover their tracks, which makes any investigation difficult.
To provide perspective: let’s pretend this title isn’t misleading (it is, but we’re playing Pretend). As of the fourth quarter of 2023, Roku reported a total of around 80 million active accounts worldwide. 15k accounts amount to 0.019% of active users.