Motherboard reports that a hacker had bribed a Roblox insider to access the data of over 100 million users.
“I did this only to prove a point to them,” the hacker told Motherboard in an online chat. Motherboard granted the hacker anonymity to speak more candidly about a criminal incident.
Beyond just viewing user data, the hacker was able to reset passwords and change user data too […] The hacker said they changed the password for two accounts and sold their items. One of the screenshots appears to show the successful change of two-factor authentication settings […]
Proving a point my a**. This person tried to claim a bug bounty from Roblox. They denied it because he/she acted “more maliciously than a legitimate security researcher.” He messed with the accounts after denial, so his point was revenge.
Update: A Roblox spokesperson informed me that only a small amount of customers were affected, not 100 million, and immediate action was taken to address the issue. Additionally, it was a Roblox insider and not an employee.
Check It Out: Hacker Bribed Roblox Insider to Access Kids’ Data