Roblox is one of the highest-grossing and most popular games ever created. It has more than 115 million monthly active users and more than 1.5 billion hours of monthly activity. Back in February, the company raised $150 million for technology and infrastructure development. Recently, according to a report by Vox Motherboard, a hacker was able to access the game's user data by bribing a Roblox insider. He was able to view users' personal information and modify it as he wished.
The hacker was able to see email addresses and change passwords
The anonymous hacker was able to see users' email addresses and disable two-factor authentication. Furthermore, he had many privileges, such as changing passwords, banning users, granting virtual in-game currency, and more. The hacker shared many screenshots with Motherboard that contained users' personal information. He also accessed the accounts of popular users, such as the YouTuber Linkmon99, who has about 450K subscribers and is popular in the game's community. Talking to Motherboard, the YouTuber said that his email is secret and only used in Roblox. “There’s no way anyone could’ve found it or other private info regarding my account,” Linkmon99 said. The hacker was able to gain access to the back-end customer support panel and shared a picture of it.
The hacker said they changed the password for two accounts and sold their items. A spokesman from Roblox told Motherboard that “We immediately took action to address the issue and individually notified the very small amount of customers who were impacted”. As for how it was done, the hacker first paid an insider to perform user data lookups for them, and then targeted a customer support representative themselves.
He did it to prove a point to Roblox
Roblox said that the hacker also tried to claim a bug bounty from them. The company denied his request because there was no indication that such a vulnerability existed. Furthermore, the company described it as a social engineering attack. Roblox is massively popular among children, and exposing their information is a big risk.