If you have attended the Roblox Developers Conference between 2017 and 2020, your data has likely been breached. As reported, the RDC data breach exposed personally identifiable information of the conference attendees. Notably, the incident remained hidden for about two years, only to grab attention lately.
Breached Data Affecting Roblox Developers Conference Remained Undetected
In a recent tweet, Troy hunt of HaveIBeenPwned disclosed a data breach incident affected the Roblox Developers Conference.
Hunt basically shared a message that he received from one of the conferences’ attendees, who mentioned about receiving a WhatsApp message from a random person who found his details via his username.
Hi folks, anyone seen any commentary about this @Roblox incident? I have the data and have been contacted by multiple people about it, DM me if you have a link to any further discussion on it (or other info). pic.twitter.com/giBH1UBrXn
— Troy Hunt (@troyhunt) July 18, 2023
In a subsequent tweet, Hunt revealed that the breached data includes details of thousands of developers who attended the Roblox Developers Conference 2017-2020. It turned out that he received separate messages from different individuals reporting this data breach.
Email from a different person on this. Looks like the data appeared on a forum, was grabbed by a bunch of people then disappeared. Nearly 4k addresses by my count. pic.twitter.com/fwfeENcAT4
— Troy Hunt (@troyhunt) July 18, 2023
While the actual account of affected individuals remains unclear, Hunt estimates nearly 4000 accounts (precisely, 2943 accounts) to have suffered the incident.
According to the details put up on HIBP website, the list of attendees appeared on a forum containing PII data of the developers (usernames, full names, email address, birth dates, phone numbers, IP addresses, physical addresses, and even the T-shirt sizes.
The email shared in Hunt’s tweet also explained that the incident remained unreported for years, until recently when the breached data list reappeared on a forum and caught attention.
Consequently, the news compelled Roblox to acknowledge the incident and report the affected individuals about it via emails. The firm assured Hunt about informing the affected individuals following his report about the breach. Hunt also shared Roblox’s emails in his tweet while sharing the statement provided to him (mentioned below).
Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else.
Looks like @Roblox has now disclosed, sent to me with the following explanation:
“Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone… pic.twitter.com/0bNji72Wwv
— Troy Hunt (@troyhunt) July 19, 2023
Affected individuals must check for their details to have appeared in this breach and take necessary protection measures. Specifically, users – including developers – must practice caution when sharing their personal details online. Moreover, users must monitor their financial statements for any suspicious activities.
Let us know your thoughts in the comments.
