Widevine L1 keys have leaked fairly regularly though and many piracy groups have private L1 keys to allow them to get clean webrips from streaming services. These keys get dumped from a vulnerable device and then don't need to be updated unless that device gets breached publically down the line.