October 3, 2023

Roblox has suffered a major data breach, leading to the release of personal information, including addresses from those who attended the Roblox Developer Conference between 2017-2020.

The leak contains almost 4,000 names, phone numbers, email addresses, dates of birth, and physical addresses. Such identifying information is gold dust for bad actors and raises serious questions about the data security of one of the largest gaming platforms around.

Roblox is aware of a third-party security issue where there were indications of unauthorized access to limited personal information of a subset of our creator community. We engaged independent experts to support the investigation led by our information security team. Those who are impacted will receive an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.

Roblex Statement

The website haveibeenpwned that the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual’s t-shirt size.


Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn’t spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.

Roblox has now contacted everyone affected,” said the company in a statement sent to Hunt. “Minimally affected users just got a sorry email. For more seriously affected users, they got a year of identity protection and an apology for everyone else.” There’s been no further comment on the official Roblox or Roblox developer accounts.

Leave a Reply

%d bloggers like this: