Roblox

A hacker bribed a Roblox worker to gain access to the back-end customer support panel.

Roblox is available across PC, Xbox, and mobile devices. Users can create their own games with the platform's engine or play others' creations. Roblox also leans heavily into microtransactions: users can buy game passes to access more powers and abilities, or purchase cosmetic items for their character with in-game currency.

Roblox game developers can also cash out and earn real money from their creations.

The hacker gained the ability to look up personal information on over 100 million active monthly users and to grant virtual in-game currency.

The hacker accessed users' email addresses and was also able to change passwords, remove two-factor authentication from their accounts, ban users, and more.

The screenshots shared with Motherboard include the personal information of some of the most high-profile users on the platform.

Source: https://www.vice.com/en/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords

TPRM report: https://scoringcyber.rankiteo.com/company/roblox

"id": "rob1952291222",
"linkid": "roblox",
"type": "Breach",
"date": "05/2020",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Over 100 million active monthly '
                                              'users',
                        'industry': 'Gaming',
                        'name': 'Roblox',
                        'type': 'Company'}],
 'attack_vector': 'Social Engineering, Insider Threat',
 'data_breach': {'number_of_records_exposed': 'Over 100 million',
                 'personally_identifiable_information': ['Email Addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Email Addresses',
                                              'Passwords',
                                              'Two-Factor Authentication '
                                              'Settings',
                                              'User Ban Status']},
 'description': 'A hacker bribed a Roblox worker to gain access to the '
                'back-end customer support panel, compromising personal '
                'information of over 100 million active monthly users and '
                'granting virtual in-game currency.',
 'impact': {'data_compromised': ['Email Addresses',
                                 'Passwords',
                                 'Two-Factor Authentication Settings',
                                 'User Ban Status'],
            'systems_affected': ['Customer Support Panel']},
 'initial_access_broker': {'entry_point': 'Bribed Employee',
                           'high_value_targets': ['High-Profile Users on the '
                                                  'Platform']},
 'motivation': 'Financial Gain, Unauthorized Access',
 'post_incident_analysis': {'root_causes': 'Insider Threat, Social '
                                           'Engineering'},
 'references': [{'source': 'Motherboard'}],
 'threat_actor': 'Unknown Hacker',
 'title': 'Roblox Customer Support Panel Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Vulnerability'}