Nearly 4,000 Roblox creators had their personal information leaked.
Spotted first by PC Gamer, those who attended the Roblox Developer Conference between 2017 and 2020 had sensitive information, such as email and IP addresses, dates of birth, phone numbers, and even T-shirt sizes, exposed.
Have I Been Pwned, a website that reports on data breaches, said the original data breach dates back to December 18, 2020, with the information becoming publicly available on July 18. The breach impacts 3,943 accounts.
Troy Hunt, an engineer for Have I Been Pwned, chronicled the data breach on Twitter on July 18 when the information became public. Hunt noted Roblox had reached out to those impacted and promised victims that were more seriously affected would receive one year of identity protection.
“Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community.
“Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community. We engaged independent experts to support the investigation led by our information security team,” a Roblox spokesperson told IGN in an email. “Those who were impacted have received an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.”
While payment information was not exposed, personal information such as email addresses can be used for phishing campaigns to obtain further information, such as hacking into online accounts or payment details. Sensitive information being publicly exposed can also leave individuals susceptible to identity theft.
Taylor is a Reporter at IGN. You can follow her on Twitter @TayNixster.