Roblox Developers Conference Attendees’ Data Breached

If you have attended the Roblox Developers Conference between 2017 and 2020, your data has likely been breached. As reported, the RDC data breach exposed personally identifiable information of the conference attendees. Notably, the incident remained hidden for about two years, only to grab attention lately.

Breached Data Affecting Roblox Developers Conference Remained Undetected

In a recent tweet, Troy hunt of HaveIBeenPwned disclosed a data breach incident affected the Roblox Developers Conference.

Hunt basically shared a message that he received from one of the conferences’ attendees, who mentioned about receiving a WhatsApp message from a random person who found his details via his username.

In a subsequent tweet, Hunt revealed that the breached data includes details of thousands of developers who attended the Roblox Developers Conference 2017-2020. It turned out that he received separate messages from different individuals reporting this data breach.

While the actual account of affected individuals remains unclear, Hunt estimates nearly 4000 accounts (precisely, 2943 accounts) to have suffered the incident.

According to the details put up on HIBP website, the list of attendees appeared on a forum containing PII data of the developers (usernames, full names, email address, birth dates, phone numbers, IP addresses, physical addresses, and even the T-shirt sizes.

The email shared in Hunt’s tweet also explained that the incident remained unreported for years, until recently when the breached data list reappeared on a forum and caught attention.

Consequently, the news compelled Roblox to acknowledge the incident and report the affected individuals about it via emails. The firm assured Hunt about informing the affected individuals following his report about the breach. Hunt also shared Roblox’s emails in his tweet while sharing the statement provided to him (mentioned below).

Roblox has now contacted everyone affected. Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else.

Affected individuals must check for their details to have appeared in this breach and take necessary protection measures. Specifically, users – including developers – must practice caution when sharing their personal details online. Moreover, users must monitor their financial statements for any suspicious activities.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients