A Roblox hacker bribed his way into the backend of the game, gaining access to personal information on more than 100 million monthly active users. The company claims that only a "very small amount of customers" were impacted and that it has contacted them.
Vice spoke with the hacker in question. According to this anonymous individual, the hacker began by paying insiders to do user data lookups. From there, the hacker targeted a customer support representative, the sort of person who would naturally have access to an awful lot of confidential user information.
The best evidence to date shows that this wasn't the result of any kind of technical vulnerability. Rather, this was a social engineering attack; the targeted employee was either deceived or convinced to grant access to the Roblox backend.
Are You Affected by the Roblox Hacker?
If you're wondering whether you may have been affected by the Roblox hacker, you can probably rest easy. According to a spokesman for the company, only a handful of people were actually affected.
"We immediately took action to address the issue and individually notified the very small amount of customers who were impacted," a company representative told Vice.
While the number of people who were actually affected is quite small, it doesn't change the fact that access to customer data was available to an unauthorized person for an unknown amount of time. It's a good idea to change your passwords every now and again anyway, so you probably should change your Roblox password as well (and keep an eye on your credit card statement and in-game inventory) just to be safe.