Roblox hacker posts stolen documents online
The company said that it has been investigating a phishing incident in which an employee was targeted through social engineering


A hacker has reportedly posted several internal documents online stolen from a Roblox employee, which the company said were stolen by cyber criminals through social engineering tactics.
The documents appear to contain personal information of multiple individuals and relate to some of the most popular games and creators on the platform, as reported by Motherboard.
The hacker behind the attack released a 4GB archive of documents and posted a selection of images in a Roblox forum post. The files include email addresses, identification documents, and spreadsheets which appear to relate to creators from Roblox.
RELATED RESOURCE
Roblox is a platform that allows users to create and design their own games or worlds and play other users’ games while deploying microtransactions to monetise them. It’s worth around $68 billion and the company has claimed in the past that half of all children in the US play it in some form.
“Roblox has been actively investigating a phishing incident, which involved a Roblox employee being targeted by cyber criminals through social engineering tactics and using highly personalised scare tactics,” a Roblox spokesperson told IT Pro. “These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with. We acted quickly upon learning of the incident, engaged independent experts to complement our information security team and have tuned our systems to seek to detect and prevent similar attempts.”
This isn’t the first time the gaming platform has been targeted by hackers, as in 2020 a hacker bribed a Roblox employee to gain access to its back-end customer support panel. This allowed them to look up the personal information of over 100 million users and grant virtual in-game currency. The hacker was able to see users’ email addresses and change their passwords too. They could also ban users and remove two-factor authentication from their accounts.
Meanwhile, Bandai Namco, a video gaming giant, confirmed last week it had been the victim of a cyber attack. The organisation confirmed that several of its companies in Asian regions were breached by a third party on 3 July 2022. Some reports claimed that a ransomware group, that uses the names AlphV and BlackCat, were behind a large ransomware attack on the gaming company.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late
News Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
-
The FBI says hackers are using AI voice clones to impersonate US government officials
News The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacent
News Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard group
News The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spot
News The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malware
News Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering technique
News State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Troy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.