July 8, 2024 at 10:01AM
Roblox disclosed a data breach affecting attendees of its 2022-2024 Developer Conferences. The breach involved vendor FNTech’s systems being compromised, revealing attendees’ full names, email addresses, and IP addresses. Though not immediately risky, the exposed data raises phishing attack potential. Roblox has taken measures to prevent future breaches, acknowledging previous hack attempts due to its large user base.
Based on the meeting notes, the key takeaways are:
1. Roblox suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference events, with unauthorized access to conference attendee information from FNTech’s systems, including full names, email addresses, and IP addresses.
2. The breach has resulted in approximately 10,386 unique email addresses being exposed, with 63% being new email addresses not previously exposed, as reported by Have I Been Pwned (HIBP).
3. It’s noted that a previous data breach in July 2023 exposed nearly 4,000 Roblox developer accounts from older RDC events, which included data leaked on a hacker forum from a 2021 breach impacting RDC attendees between 2017 and 2020.
4. While the latest data breach does not immediately put impacted Roblox developers at risk, it heightens the potential for targeted phishing attacks.
5. Roblox has taken steps to ensure that similar data exposures will not occur in the future, and the company has been targeted by hackers in the past, including instances such as the installation of a malicious Chrome extension containing credential-stealing code for Roblox accounts in November 2022.