Delicate data figuring out hundreds of Roblox creators has been uncovered following an information breach impacting attendees at a convention for Roblox builders, which allegedly remained undisclosed by the corporate for not less than two years. As reported by PC Gamer, the leak accommodates private data from individuals who attended the Roblox Developer Convention between 2017-2020, together with names, usernames, date of start, bodily addresses, e-mail addresses, IP addresses, telephone numbers, and even T-shirt sizes.
“Roblox is conscious of a third-party safety subject the place there have been indications of unauthorized entry to restricted private data of a subset of our creator neighborhood,” mentioned a Roblox spokesperson to PC Gamer. “We engaged impartial specialists to help the investigation led by our data safety crew. Those that are impacted will obtain an e-mail speaking the following steps we’re taking to help them. We’ll proceed to be vigilant in monitoring and vetting the cyber safety posture of Roblox and our third-party distributors.”
Troy Hunt, creator of the web site Have I Been Pwned, introduced consideration to the leak on July 18th after “a number of folks” notified him that the personal knowledge had been printed on-line. In keeping with one in every of Hunt’s sources, the preliminary knowledge breach dates again to 2021, however didn’t unfold past “area of interest dishonest communities inside Roblox.” The supply additionally claims that an undisclosed variety of “high-profile customers” impacted by the leak have began receiving malicious calls, texts, and emails. As famous by PC Sportr, the figuring out knowledge leaked opens up people to all types of scams and harassment, together with id theft.
Have I Been Pwned reports that the unique breach might have occurred even earlier on December 18th, 2020, and that 3,943 Roblox accounts have been compromised. Roblox didn’t publicly disclose the breach till this week. “Roblox has now contacted everybody affected,” mentioned the corporate in an announcement despatched to Hunt. “Minimally affected customers simply bought a sorry e-mail. For extra severely affected customers they bought a 12 months of id safety and an apology for everybody else.”
We’ve reached out to Roblox to make clear when the preliminary breach occurred, and if the corporate had beforehand notified particular person account holders impacted by the leak. We’ll replace this story ought to we hear again.
Given the delicate nature of the leaked knowledge, the influence of this may very well be particularly nefarious when you think about that youngsters as young as 13 are permitted to hitch Roblox’s Developer program. The gaming platform isn’t designed particularly for kids, but it surely is extremely popular with minors. In keeping with the corporate’s Q1 earnings report for 2023, 43 p.c of the platform’s 66.1 million each day energetic customers are underneath 13.