Roblox

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees.

Roblox is an online gaming and game creation platform popular among younger audiences that design, create, and share games with a large community of over 200 million active users.

The company hosts an annual Roblox Developer Conference (RDC) event that helps developers network, learn, and share knowledge with others through workshops and new tool presentations.

The gaming platform recently learned that FNTech, the vendor handling the registration process for those conference events, had been breached, with someone gaining unauthorized access to its systems.

“A Roblox vendor recently notified us that there had been unauthorized access to a subset of Roblox user information from a 2022-2024 Roblox Developer Conference registration list via its website,” reads a notice published on X.

Roblox notice
Roblox notice
Source: X

The data stolen from FNTech’s systems includes conference attendee’s full names, email addresses, and IP addresses.

The breach has also been added to the data breach notification service Have I Been Pwned (HIBP), which reports that 10,386 unique email addresses are included in the exposed set. HIBP says 63% (6,500) of the compromised email addresses are new (not exposed previously).

On a related note, in July 2023, HIBP added nearly 4,000 Roblox developer accounts who were, again, RDC attendees and whose data was leaked on a hacker forum. However, that set appeared to come from an older 2021 breach, exposing RDC attendees between 2017 and 2020.

Although the latest data breach does not immediately put impacted Roblox developers at risk, the exposed information elevates the potential for targeted phishing attacks.

Roblox concludes its statement by saying that it has taken steps to ensure that a similar data exposure will not occur in the future.

Due to its community size and lively economic activity, Roblox and its users have been targeted by hackers several times in the past.

In November 2022, over 200,000 users installed a malicious Chrome extension named SearchBlox, which contained credential-stealing code for Roblox accounts.

Source: www.bleepingcomputer.com