People who have attended Roblox developer conferences over the past three years have just seen their sensitive data leaked onto the dark web.
Roblox is a gaming and game development platform used by around 200 million people. Every year, Roblox hosts the Roblox Developer Conference (RDC), where developers and players come together to share experiences, learn, and have fun. To register attendees for conference events, Roblox turned to FNTech, an event planning service provider.
Now, this company has apparently been hacked and the sensitive data it possessed has been stolen. Roblox confirmed the news via a short announcement posted on X, BleepingComputer found it.
New addresses
“A Roblox vendor recently notified us that some Roblox user information from a registration list for the 2022-2024 Roblox Developer Conference had been accessed unauthorized via its website,” the announcement reads.
The identities of the hackers are currently unknown, but the company confirmed that they had obtained people’s full names, email addresses, and IP addresses. This information has since been added to HaveIBeenPwned?, a data breach reporting service. The service states that it has added 10,386 unique email addresses, suggesting that this is also the number of people affected by the breach.
Nearly two-thirds of those addresses (63%), 6,500, are new and have not been exposed before. They belong to the 2022, 2023 and 2024 participants.
To be fair, stealing “just” names and email addresses isn’t the most devastating breach, but it can still be useful for hackers. Knowing that their targets are likely to be younger people interested in gaming and game development, hackers can run very convincing phishing campaigns, deploying malware and various infostealers.
Gamers are also often interested in cryptocurrencies. By deploying an infostealer, hackers can also empty people’s wallets, especially those connected to their browser, such as MetaMask.