View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 19, 2022updated 05 Aug 2022 6:55am

Roblox user data leaked online after failed extortion attack

Popular platform says it has refused to meet demands of hackers who leaked information on gamers.

By Claudia Glover

Roblox has seen user data leaked online after a failed data extortion attack by an unknown cybercriminal. The leak of four gigabytes of documents apparently from the gaming company includes emails and spreadsheets on several games on the platform, as well as personal data of individual users. Roblox says it has not complied with the hacker’s demands for payment to return the information.

Roblox hack
Roblox is one of the world’s biggest gaming platforms (Photo by Imgorthand/iStock)

A selection of the stolen data has been posted by the hacker on a dark web forum, which was obtained from a Roblox employee in a social engineering attack, according to a report by Vice.

“These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with,” Roblox said. “We acted quickly upon learning of the incident, engaged independent experts to complement our information security team and have tuned our systems to seek to detect and prevent similar attempts.”

Roblox is one of the world’s largest gaming platforms, with more than 37 million daily users. It allows creators to develop their own games within the company’s universe, which can be monetised through microtransactions between gamers using the company’s digital currency, Robux. The company generated revenue of $1.9bn in 2021.

Roblox hack: other gaming platforms targeted

Gaming companies have long been a popular target for online criminals. In 2011, one of the biggest data breaches of all time hit users of Sony’s PlayStation Network online system, with the personal information of 77m gamers being leaked following a cyberattack. It led to a 23-day outage for the service.

Indeed, Roblox itself has been hit by hackers before. In 2020, Vice reported that one of the company’s employees had been bribed by a cybercriminal to allow them access to the company’s back-end system, where they could find information on users.

Earlier this month gaming giant Bandai Namco, creator of titles including PacMan, Tekken and Dark Souls, suffered a data leak similar to that experienced by Roblox. Bandai Namco said it “experienced an unauthorised access by a third-party to the internal systems of several group companies in Asia (excluding Japan)”. It added that investigations into the extent of the leak were ongoing.

Ransomware gang ALPHV, also known as BlackCat, took credit for Bandai Namco’s hack a week later, posting the name of the company to its dark web blog.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.

Read more: How AI will extend the scale and sophistication of cybercrime

Topics in this article:
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU