Roblox hacker posts stolen documents online
The company said that it has been investigating a phishing incident in which an employee was targeted through social engineering
A hacker has reportedly posted several internal documents online stolen from a Roblox employee, which the company said were stolen by cyber criminals through social engineering tactics.
The documents appear to contain personal information of multiple individuals and relate to some of the most popular games and creators on the platform, as reported by Motherboard.
The hacker behind the attack released a 4GB archive of documents and posted a selection of images in a Roblox forum post. The files include email addresses, identification documents, and spreadsheets which appear to relate to creators from Roblox.
RELATED RESOURCE
Roblox is a platform that allows users to create and design their own games or worlds and play other users’ games while deploying microtransactions to monetise them. It’s worth around $68 billion and the company has claimed in the past that half of all children in the US play it in some form.
“Roblox has been actively investigating a phishing incident, which involved a Roblox employee being targeted by cyber criminals through social engineering tactics and using highly personalised scare tactics,” a Roblox spokesperson told IT Pro. “These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with. We acted quickly upon learning of the incident, engaged independent experts to complement our information security team and have tuned our systems to seek to detect and prevent similar attempts.”
This isn’t the first time the gaming platform has been targeted by hackers, as in 2020 a hacker bribed a Roblox employee to gain access to its back-end customer support panel. This allowed them to look up the personal information of over 100 million users and grant virtual in-game currency. The hacker was able to see users’ email addresses and change their passwords too. They could also ban users and remove two-factor authentication from their accounts.
Meanwhile, Bandai Namco, a video gaming giant, confirmed last week it had been the victim of a cyber attack. The organisation confirmed that several of its companies in Asian regions were breached by a third party on 3 July 2022. Some reports claimed that a ransomware group, that uses the names AlphV and BlackCat, were behind a large ransomware attack on the gaming company.
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
Thousands of Microsoft Teams users are being targeted in a new phishing campaignNews Microsoft Teams users should be on the alert, according to researchers at Check Point
-
Microsoft warns of rising AitM phishing attacks on energy sectorNews The campaign abused SharePoint file sharing services to deliver phishing payloads and altered inbox rules to maintain persistence
-
Warning issued as surge in OAuth device code phishing leads to M365 account takeoversNews Successful attacks enable full M365 account access, opening the door to data theft, lateral movement, and persistent compromise
-
Amazon CSO Stephen Schmidt says the company has rejected more than 1,800 fake North Korean job applicants in 18 months – but one managed to slip through the netNews Analysis from Amazon highlights the growing scale of North Korean-backed "fake IT worker" campaigns
-
Complacent Gen Z and Millennial workers are more likely to be duped by social engineering attacksNews Overconfidence and a lack of security training are putting organizations at risk
-
Hackers are abusing ConnectWise ScreenConnect, againNews A new spear phishing campaign has targeted more than 900 organizations with fake invitations from platforms like Zoom and Microsoft Teams.
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
