Business, News, Security

Info from 4000 Roblox devs left exposed for two years in data breach

Robin-Leigh Chetty

21st July 2023

The personal information of more than 4 000 Roblox developers were left exposed in a recently discovered data breach.
The breach steams from data that was left exposed from the Roblox Developer Conference between 2017 to 2020.
The information included names, usernames, dates of birth, physical addresses, email addresses, IP addresses, phone numbers, and T-shirt sizes.

If you’re a Roblox developer or creator, it may be worth noting where you were between 2017 to 2020. This as a recently discovered data breach relating to the wildly popular kid’s game has seen the data of more than 4 000 developers exposed.

The personal information is linked to the Roblox Developer Conference, specifically between 2017 to 2020, with said data reportedly left undisclosed for two years.

According to PC Gamer, the breadth of personal information that was left exposed is rather extensive, including, names, usernames, dates of birth, physical addresses, email addresses, IP addresses, phone numbers, and attendees’ T-shirt sizes too.

As the publication notes, this data breach brings into question the types of security measures that are in place, especially given the young demographic of users that play Roblox.

“Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community,” an unnamed spokesperson told PC Gamer in an email.

“We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors,” they added.

For all intents and purposes then, the company believes the data breach has been resolved, but given how strictly such instances are monitored by regulators these days, it will be interesting to see whether any legal action or fines will come into effect.

Hi folks, anyone seen any commentary about this @Roblox incident? I have the data and have been contacted by multiple people about it, DM me if you have a link to any further discussion on it (or other info). pic.twitter.com/giBH1UBrXn
— Troy Hunt (@troyhunt) July 18, 2023

HaveIBeenPwned’s Troy Hunt was also been some investigating into this breach, discovering that the original date breach was on 18th December 2020, while the information became available on 18th July 2023, and as many as 3 943 accounts were compromised as a result.

While it is unclear what the fallout from this will be from this incident, as a general rule of thumb, those concerned should check out the HaveIBeenPwned site to check whether this breach, or any other recent one, has impacted them.

If you do have a Roblox account, it is also a good idea to update your passwords, and implement two-factor authentication were possible on your account.

About Author

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.