Old Roblox Data Leak Resurfaces, 4000 Users’ Personal Information Exposed


A data breach affecting the online game platform Roblox has exposed sensitive information from thousands of users.

Troy Hunt, founder of the website ‘Have I Been Pwned,’ first alerted on Twitter on July 18, 2023, about a potential leak impacting attendees of the 2017-2020 Roblox Developers Conferences. He said he has “the data and have been contacted by multiple people about it.”

The next day, the Twitter account @Roblox_RTC also reported on the leak.

The leaked list was shared in CSV format and contained 4000 unique email addresses, alongside personal details such as names, usernames, dates of birth, phone numbers and physical and IP addresses.

One source told Hunt that the leak was initially posted in 2021 but “didn’t spread beyond niche cheating communities within Roblox” and that “Roblox never publicly disclosed this leak or alerted those affected.”

According to this source, the leak was recently re-published on a public hacking forum, where it gained much more attention. “Already, high-profile users have started receiving malicious calls, texts and emails due to the leak,” that person continued.

Contacted by Hunt, Roblox Corporation confirmed the leak on July 20 and said that it sent an email to all Roblox developers with the following message:

“Roblox was recently made aware that there was unauthorized access to select Roblox user emails from a 2017–2020 Roblox Developer Conference invitation list.

We want to let you know that your contact information below was included among the accessed data: Full Name, Address, Email, Phone number, Date of Birth & IP.

Out of an abundance of caution, we will provide you with a one-year subscription to an identity theft protection tool. In order to get started, please reply to this email.

Maintaining the security of your personal information is of utmost importance to us, and we have made efforts to ensure this type of incident is avoided in the future.”

Roblox also told Hunt that “seriously affected users got a year of identity protection.”





Source link