Leading gaming platform Roblox suffered a massive data breach, leaking personal information including addresses of people who attended Roblox developer conferences between 2017 and 2020. The leaked information included approximately 4,000 names, phone numbers, email addresses, dates of birth, and physical addresses. Such identifying information is a goldmine for malicious actors and raises serious questions about the data security of one of the world's largest gaming platforms.

"Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of some of our creator community," a Roblox spokesperson said in an email. 'We have hired independent experts to assist in the investigation led by our information security team. We will be sending an email to those affected informing them of the next steps we are taking to assist them. We will remain vigilant in monitoring and vetting the cybersecurity posture of Roblox and our third-party vendors."

Now, it doesn't appear that Roblox was particularly vigilant here: according to the haveibeenpwned site, the original breach date was December 18, 2020, and the information became available on July 18, 2023, for a total of 3,943 compromised accounts The site has been working with the public to determine the date of the breach. The site notes that the information includes all of the above as well as the size of each individual's T-shirt that was leaked.

For those affected, the implications extend to identity theft and fraud, and the volume of data is particularly worrisome. Other than the above statement, Roblox has made no further comment, and this impact is expected to continue for some time. Those who are concerned should search haveibeenpwned and enable two-factor authentication on all accounts (and be especially careful with banking transactions for a while).

According to Troy Hunt, an engineer at haveibeenpwned, the leak was posted in 2021, but according to unnamed sources, it did not spread outside the niche Roblox community. The leak was posted on a public forum a few days ago.

"Roblox has now contacted all those affected," the company said in a statement sent to Hunt. 'Users who were only slightly affected have received an email apology. For the more severely affected users, there was a one-year identity protection and an apology to the rest." There has been no comment yet from the official Roblox account or the Roblox developer account.