Sensitive information that identifies thousands roblox creators was exposed after a data breach that affected conference attendees for roblox developers, reportedly undisclosed by the company for at least two years. As reported by PC gamerdoes the leak contain personal information of people using the roblox Developer Conference between 2017-2020, including names, usernames, date of birth, physical addresses, email addresses, IP addresses, phone numbers, and even T-shirt sizes.
“roblox is aware of a third party security issue where there was evidence of unauthorized access to restricted personal information of a subset of our creator community,” said a roblox spokesperson PC gamer. “We engaged independent experts to support the investigation led by our information security team. Those affected will receive an email detailing the next steps we are taking to support them. We will remain vigilant in monitoring and vetting the cybersecurity posture of roblox and our third-party suppliers.”
Troy Hunt, creator of the Have I Been Pwned website, brought the leak to attention July 18 after “several people” informed him that the private details had been published online. According to one of Hunt’s sourcesthe first data breach dates back to 2021, but did not spread beyond “niche cheating communities within roblox.The source also claims that an unknown number of “high-profile users” affected by the leak started receiving malicious phone calls, texts and emails. As noted by PC gamer, the leaked identifying data exposes individuals to all kinds of scams and harassment, including identity theft.
Am I pwned reports that the original breach may have occurred even earlier, on December 18, 2020, and that 3,943 roblox accounts have been compromised. roblox made the breach public only this week. “roblox has now contacted all concerned,” the company said in a statement to Hunt. “Minimally affected users just received a sorry email. For more severely affected users, they got a year of identity protection and an apology for everyone else.”
We’ve reached out roblox to clarify when the first breach occurred and whether the company had previously notified individual account holders affected by the breach. We’ll update this story if we hear anything.
Given the sensitive nature of the leaked data, the impact could be particularly damaging when you consider that children as young as 13 may participate robloxDeveloper program. The game platform is not specially designed for children, but it is extremely popular with minors. According to the company Q1 earnings report by 2023, 43 percent of the platform’s 66.1 million daily active users will be under the age of 13.