Roblox devs and fans may have had their emails leaked on the dark web

best Roblox games: a Roblox avatar in his own theme park
(Image credit: Roblox Corp., Den_S)

UPDATE: A Roblox spokesperson told us, “Roblox is aware of a third-party security issue where there was unauthorized access to limited personal information of a subset of our creator community. Our information security team quickly engaged the vendor to investigate and contain the issue. Those who were impacted have received an email communication. We will continue to be vigilant in monitoring and remain committed to protecting the privacy of our users.”

Attendees at Roblox developer conferences over the last three years may have had their sensitive data leak on the dark web.

The annual Roblox Developer Conference (RDC) allows developers and players to gather and share experiences, learn, and have fun. To register the attendees for conference events, Roblox brought in FNTech, an event planning service provider.

"A Roblox vendor recently notified us that there had been unauthorized access to a subset of Roblox user information from a 2022-2024 Roblox Developer Conference registration list via its website," a short announcement posted on X said.

New addresses

The identity of the hackers is not known at this time, but the company confirmed that they grabbed people’s full names, email addresses, and IP addresses. This information has since been added to HaveIBeenPwned?, a data breach notification service. This service states it added 10,386 unique email addresses, suggesting that this is also the number of people affected by the breach.

Almost two-thirds of those addresses (63%), 6,500, are new and have not been previously exposed. They belong to the 2022, 2023, and 2024 attendees. 

Truth be told, stealing “just” names and email addresses isn’t the most devastating of breaches, but it can still prove useful to hackers. Knowing their targets are most likely younger people interested in gaming and game development, hackers can run very convincing phishing campaigns, deploying malware and different infostealers. 

Gamers are also often interested in cryptocurrencies, and by deploying an infostealer, hackers could also empty people’s wallets, especially those connected to their browsers, such as MetaMask.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.