People who attended Roblox developer conferences over the past three years have just had their sensitive data leaked onto the dark web.
Roblox is a game development platform used by about 200 million people. Every year, the Roblox Developer Conference (RDC) is held, where developers and players come together to share experiences, learn, and have fun. To register attendees for the conference events, Roblox hired FNTech, an event planning service provider.
Now, this company was apparently the victim of a security breach and its sensitive data was stolen. Roblox confirmed the news through a brief announcement posted on X. Computer beeping found.
New directions
“We were recently notified by a Roblox vendor that there was unauthorized access to a subset of Roblox user information from a 2022-2024 Roblox Developer Conference registration list via their website,” the announcement reads.
The identity of the hackers is not known at this time, but the company confirmed that they obtained people's full names, email addresses, and IP addresses. This information was added to HaveIBeenPwned?, a data breach notification service. This service claims to have added 10,386 unique email addresses, suggesting that this is also the number of people affected by the breach.
Nearly two-thirds of these addresses (63%), 6,500, are new and have not been previously exhibited. They belong to attendees in 2022, 2023 and 2024.
Truth be told, stealing “just” names and email addresses isn’t the most devastating breach, but it can still prove useful to hackers. Knowing that their targets are most likely young people interested in gaming and game development, hackers can run very convincing phishing campaigns, deploying malware and different information stealers.
Gamers are also often interested in cryptocurrencies, and by deploying an info stealer, hackers could also empty people's wallets, especially those connected to their browsers, such as MetaMask.