Roblox security breach: what it means, scams and everyone affected
This security issue affects approximately 4,000 users and developers who attended the Roblox Developer Conference between 2017 and 2020.
The popular online gaming platform Roblox has suffered a major data breach, exposing the personal information of nearly 4,000 developers who attended the Roblox Developer Conference between 2017 and 2020. The leaked information includes names, phone numbers, email addresses, dates of birth, physical addresses, and even each person’s T-shirt size.
Roblox’s response to the data breach
The breach was first reported by the website haveibeenpwned. The site says that the original date of the breach was December 18, 2020, and that the information became available on July 18, 2023. So far, Roblox has acknowledged the data breach, but has not provided any details about how it occurred. The company has said that it “engaged independent experts to support the investigation” and that it “will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.”
“Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community,” said a Roblox spokesperson via email (via PC Gamer). “We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.”
Investigating the matter, Troy Hunt, the engineer behind the site haveibeenpwned, found that this leak had been around since 2021 but had remained within the Roblox communities. However, the leak appeared on a public forum a few days ago. Hunt received an email from Roblox stating that “Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else. Attached are screenshots of those emails.”