Roblox employees are at risk of being cybercrime victims.
The popular online game platform for children suffered a major cybersecurity breach that leaked the data of around 4,000 employees, exposing them to cyber-attacks and more.
Roblox is aware of the attack and is doing all it can to investigate how it happened and contact those impacted by it.
Roblox Data Breach Details
Roblox's data breach was first spotted by Troy Hunt, creator of the website Have I Been Pwned, which lets people check whether their personal information was leaked online, per VG247. According to Hunt, who posted his findings on Twitter, the leak impacted the attendees of the Roblox Developer Conference (RDC) from 2017 to 2020 and was revealed on a now-deleted forum post.
Unfortunately, the post remained up long enough for several bad actors to grab the ill-gotten data. According to PC Gamer, the data was stolen on Dec. 18, 2020, with the information becoming available on the forum on July 18. However, the data had already spread around niche Roblox spaces around 2021, meaning that people have been sharing the leaked data since then.
In total, 3,943 accounts were compromised by the leak, which contained full names, birthdates, email addresses, phone numbers, addresses, IP addresses, and even t-shirt sizes. Roblox never publicly disclosed any information about the leak or alerted those affected - an illegal act in California, where the company is based.
As a result of Roblox's decision, many people who attended the RDC from 2017 to 2020 were unaware that bad actors could access their personal addresses and phone numbers, turning them into victims of targeted social engineering schemes.
For those unaware, a social engineering scheme involves manipulation techniques that exploit human error to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems, per Kaspersky.
Unfortunately, the amount and type of data leaked also allow bad actors to impersonate those affected online, opening them up to identity theft and scams. Hunt advises those who are affected to enable two-factor authentication on all their accounts and keep a close eye on their bank transactions for some time.
Roblox's Response
A Roblox spokesperson stated via an email to PC Gamer that the company is aware of a third-party security issue where there were "indications of unauthorized access" to limited personal information of a subset of its creator community. As such, it engaged independent experts to support the investigation led by the company's information security team.
The company has allegedly sent an email to the people affected by the leak that detailed the next steps it is taking to support them. The spokesperson added that Roblox will continue to be vigilant in monitoring and vetting its third-party vendors' and its own cybersecurity posture.
Interestingly enough, the company sent apology emails to "minimally affected users," while those who were more seriously affected got a year of identity protection and an apology. Roblox has since made no further comment about the issue on the official Roblox or Roblox developer accounts.