People who visited Roblox developer conferences in the last three years have just had their sensitive data leak on the dark web.
Roblox is a gaming and game development platform used by some 200 million people. Every year, it holds the Roblox Developer Conference (RDC), where devs and players gather to share experiences, learn, and have fun. To register the attendees for conference events, Roblox brought in FNTech, an event planning service provider.
Now, this company was apparently breached, and sensitive data it held was stolen. Roblox confirmed the news via a short announcement posted on X, BleepingComputer found.
New addresses
"A Roblox vendor recently notified us that there had been unauthorized access to a subset of Roblox user information from a 2022-2024 Roblox Developer Conference registration list via its website," the announcement reads.
The identity of the hackers is not known at this time, but the company confirmed that they grabbed people’s full names, email addresses, and IP addresses. This information has since been added to HaveIBeenPwned?, a data breach notification service. This service states it added 10,386 unique email addresses, suggesting that this is also the number of people affected by the breach.
Almost two-thirds of those addresses (63%), 6,500, are new and have not been previously exposed. They belong to the 2022, 2023, and 2024 attendees.
Truth be told, stealing “just” names and email addresses isn’t the most devastating of breaches, but it can still prove useful to hackers. Knowing their targets are most likely younger people interested in gaming and game development, hackers can run very convincing phishing campaigns, deploying malware and different infostealers.
Gamers are also often interested in cryptocurrencies, and by deploying an infostealer, hackers could also empty people’s wallets, especially those connected to their browsers, such as MetaMask.
More from TechRadar Pro
- Huawei ramps up R&D spending in mobile push
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now