Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn’t spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.
“Roblox has now contacted everyone affected,” said the company in a statement sent to Hunt.
So they definitely knew about it, and definitely weren’t going to do anything about it, until it became more widely known. Yet another reason to hate this horrible, stupid company. I so wish I could convince my daughter to drop Roblox. I’ve even offered to pay for a private Minecraft server for her and all her friends.
Isn’t it illegal to not disclose a potential data breach?
I’m no expert, but my brief searching shows that in California, where Roblox is incorporated, it seems they are required to notify any California residents if their data was breached, and the state Attorney General if it was 500+ residents.
Searching the AG’s website turns up nothing for Roblox.
I guess it’s entirely possible no CA residents were involved, but given the conference was held in San Francisco, I find that very implausible.
Why on earth would there be a minimum person count? So it’s totally cool to not let 499 people know that their data was stolen? California, man!
No - they have to let any CA resident know, but ALSO the AG if it’s 500 or more.
Thanks for clarifying.
Including t-shirt sizes! That’s a new one. Identity theft mannequins with accurate bellies?!?
???
Profit!
The website haveibeenpwned says the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual’s t-shirt size.
Looks like someone in charge of organizing that event got phished. This seems like the type of info that can fit into an Excel sheet.