Roblox Corp has apparently suffered a major data breach that leaked the personal details of nearly 4000 past and present workers – including names, addresses, dates of birth, and IP addresses.
According to reporting from PC Gamer and details shared by Have I Been Pwned’s Troy Hunt, this data leak comes from information gathered for a Roblox Developer’s Conference and has been circulating for a while; it was first detected by Have I Been Pwned in December 2020 and made the rounds in Roblox-centered spaces in 2021. However, it was only a few days ago when those details resurfaced once again on an undisclosed random hacker forum.
The forum post has since been taken down, but it looks like the damage has already been done. Hunt has also shared an email from a dev who reports that high-profile users have started receiving malicious calls, texts, and emails, along with other devs’ details being used in “targeted social engineering schemes.”
In response, Roblox Corp is providing coverage to affected employees by giving them a year of identity protection, along with an apology email to those who were minimally affected. Whether that’s enough of a response is certainly up for debate, particularly since this breach has been out in the wilds long enough to likely cause incredible amounts of harm to employees.
Looks like @Roblox has now disclosed, sent to me with the following explanation:
“Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone… pic.twitter.com/0bNji72Wwv
— Troy Hunt (@troyhunt) July 19, 2023
