Hacker Bribed Roblox Worker For Access To Users' Personal Data
The social engineering attack was carried out just to prove a point.
A hacker has been able to gain access to personal information in Roblox users' accounts, as well as disable two-factor authentication and change passwords, after bribing a Roblox worker for access to the customer support center.
Apparently only intending to point out the flaw in Roblox's security, the hacker shared screenshots and details of the attack with Vice's Motherboard. With Roblox enjoying huge popularity among children, any exploit with the potential to expose personal data is taken incredibly seriously.
Initially, the hacker paid an insider at the company to access the data for them, they claimed, but then targeted a customer support representative in order to gain access themselves. With that access gained, the hacker could view and change a user's data, including passwords and two-factor authentication.
While the hacker attempted to claim a bug bounty for this exploit, Roblox denied the request due to suspected malicious activity, including selling users' items.
In a statement sent to Motherboard, Roblox confirmed that the attack was an example of social engineering, and that it had reported the hacker to bug bounty platform HackerOne for investigation.
GameSpot may get a commission from retail offers.