American video game giant Roblox has reported a data breach stemming from a third-party service provider that helps host its annual Developer Conference. Result? Data related to its in-person and online attendees registered through the third-party’s platform in the last two years leaked.
Roblox Corp. is an American video game developer based in San Mateo, California. Founded in 2004 by David Baszucki and Erik Cassel, the company is the developer of Roblox, which was released in 2006. As of December 2023, the company employs over 2,400 people.
The gaming company has an average monthly user base of 214 million players and makes around $7 million per day from a user base that is primarily youngsters below the age of 16 years. In fact, 21% of its users are aged between 9 and 12 years.
Roblox Developers Conference Data Leak
Roblox on Friday notified all developers who registered on its FNTech platform about a recent data breach. FNTech is advertised on its website as a one-stop shop for everything related to in-person, virtual and hybrid events.
Roblox said an “unauthorized” actor intruded its third-party’s systems and accessed a subset of user information from a Roblox Developer Conference registration list from there. Roblox said the details compromised likely contained the Developer Conferences users full names, email addresses and IP addresses that were possibly collected for users attending the conference via the hybrid option.
Roblox did not confirm if any other data or if its own systems were affected in a supply chain-type attack but said it has “made efforts to ensure this type of incident is avoided in the future.” What measures were implemented remains unclear. The Roblox Developer Conference 2024 will be hosted in San Jose, California on September 6-7.
Gamers often have valuable virtual assets and in-game purchases linked to their accounts. Hackers exploit vulnerabilities in servers and platforms to steal the data, which can be sold in the underground market.
Recently, two prominent online gaming platforms in India, Teenpatti.com and Mobile Premier League (MPL.live), allegedly experienced data breaches. Similarly, Fortnite and Insomniac games also experienced breaches from ransomware actors, which shows a steady interest by threat actors in the gaming sector that has largely been off the radar until now.