Data Security, Identity

Allegedly stolen Roblox credential trove with 50M records offered for sale


Cybernews reports that a database of 50 million Roblox login records, allegedly pilfered directly from the online gaming platform's users, is being peddled for $777 on the dark web, according to cybersecurity firm Brinztech.

In addition to cleartext or poorly hashed user credentials, the data trove was claimed to include direct URL login paths that could be exploited to circumvent security checks, according to Brinztech researchers. Roblox has yet to acknowledge the threat actor's claims. The alleged incident comes after cybersecurity researcher Jeremiah Fowler reported the exposure of 149 million login credentials from Facebook, TikTok, X, Roblox, and other apps, believed to have been sourced from information-stealing malware logs. Roblox users and developers have been warned of significant risks stemming from the credential leak.

"Compromising a developer account can lead to the theft of thousands of dollars in pending earnings and the injection of malicious code into popular 'experiences,'" said Brinztech, which advised the immediate implementation of multi-factor authentication and password rotation to prevent potential compromise.
