Looks like @Roblox has now disclosed, sent to me with the following explanation:
“Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone… pic.twitter.com/0bNji72Wwv
— Troy Hunt (@troyhunt) July 19, 2023
Roblox data leak exposes sensitive user information of about 4,000 developers
Roblox says it is offering identity protection support to seriously affected individuals
Popular gaming platform Roblox has suffered a major data leak that made the personally identifiable information of almost 4,000 developers publicly available.
The information reportedly includes the names, phone numbers, email addresses, dates of birth, and physical addresses of attendees of the Roblox Developers Conferences held between 2017 and 2020.
“Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community,” a Roblox Corporation spokesperson said in a statement issued to PC Gamer.
“We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.”
According to a source who contacted the website Have I Been Pwned, the data breach occurred in 2021 but seemingly didn’t spread beyond niche Roblox communities until it was republished on a forum this month.
The leak reportedly includes varying degrees of information on all invitees and attendees of the Roblox developer conferences over a four-year period, some of whom have since been victims of targeted social engineering attacks using the data.
It’s unclear when Roblox first became aware of the data breach and how soon it began disclosing the leak to those who were affected.
“Roblox has now contacted everyone affected,” it said in a statement to Have I Been Pwned creator Troy Hunt. “Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else.”