Roblox, a prominent gaming platform, experienced a significant data breach where personal information, including addresses, of attendees at the Roblox Developer Conference between 2017 and 2020 was exposed. The breach affected almost 4,000 individuals and included sensitive details such as names, phone numbers, email addresses, dates of birth, physical addresses, and even t-shirt sizes. The leak occurred on December 18, 2020, but the information became publicly available on July 18, 2023.
A spokesperson for Roblox acknowledged the breach and stated that unauthorized access to limited personal information of a portion of their creator community had occurred. The company engaged independent experts to investigate the issue and is taking steps to support those impacted. However, concerns have been raised about the platform's data security measures, especially considering the potential for identity theft and scams due to the extensive amount of leaked data.
Roblox did not publicly disclose the breach when it initially happened, and the leaked information remained confined to certain Roblox communities until recently when it was posted on a public forum. The implications of the leak are severe for those affected, with risks of identity impersonation and other malicious activities.
As a response to the breach, Roblox has contacted all impacted users. Less severely affected individuals received an apology email, while those more seriously affected were offered a year of identity protection along with an apology. The company has not provided any further comments on the matter via their official accounts. Concerned users are advised to check if their information was compromised using the haveibeenpwned website and implement additional security measures, such as enabling two-factor authentication and closely monitoring bank transactions.