A hacker has posted what appears to be a cache of internal documents stolen from an employee who works for the massively popular gaming platform Roblox, according to the material reviewed by Motherboard. The publication of the documents is part of an extortion effort against Roblox, according to the forum post and a statement from Roblox.
The documents themselves appear to relate to some of the most popular games and creators on the platform, and also include personal information of multiple individuals.
“These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with. We acted quickly upon learning of the incident, engaged independent experts to complement our information security team and have tuned our systems to seek to detect and prevent similar attempts,” Roblox told Motherboard in a statement.
Do you know anything else about this hack or the documents? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email email@example.com.
Roblox is a gaming juggernaut, valued at around $68 billion and which half of all children in the U.S. play in some form. The platform lets creators make their own games and virtual worlds on the Roblox platform and then implement microtransactions to monetize them.
The hacker released a 4GB archive of documents and posted a selection of images in the forum post itself. They include email addresses, identification documents, and spreadsheets that appear to relate to Roblox-focused creators.
Motherboard has previously reported on hackers that have targeted the Roblox company and its workers, including one who bribed a Roblox insider to then access user data. Motherboard has also reported extensively on the ecosystem of hackers and traders around Roblox that steals in-game items and then pedals them for a profit.
This latest breach falls more squarely into the first camp. Roblox’s statement added that “Roblox has been actively investigating a phishing incident, which involved a Roblox employee being targeted by cyber criminals [through social engineering tactics/using highly personalized scare tactics].”
This post has been read 67 times!