Internal Roblox documents posted online after employee phishing scam

pcgamesn.com:

A hacker has posted four gigabytes of internal documents that reveal personal information about Roblox creators after a successful phishing scam, Vice’s Motherboard reports. Roblox said a group of cyber criminals targeted a specific employee as part of an extortion attempt against the platform, which is valued at over $68 billion and, at the end of 2021, had approximately 50 million active users daily.

The documents appear to share personal information connected to Roblox creators, such as email addresses, though Roblox did not disclose how much the perpetrators are demanding in return or how the company plans to address the issue.

“These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with,” a Roblox representative told Motherboard. “We acted quickly upon learning of the incident, engaged independent experts to complement our information security team and have tuned our systems to seek to detect and prevent similar attempts.”

The statement also said the hackers used “highly personalized scare tactics” to obtain the documents, which reportedly totaled 4GB.

This breach comes in the wake of ongoing conversations about safety in the metaverse, including Roblox’s own efforts to keep its users – most of whom are children, a report from Reuters shows – safe. These usually revolve around curating in-game interactions, but the company has shared less information about steps it takes to protect its creators.

Because Roblox allows users to create their own in-platform experiences, many Roblox creators are young, aspiring developers. However, the teams behind the platform’s biggest experiences are significantly larger, and some of these experiences can earn as much as $50 million