Content

Events
About

Roblox data breach exposes developer data

Olivia Powell | 07/24/2023

Note: The title of this article has been changed to reflect that Roblox's creator and developer community was impacted by the data leak, not its employees.

Attendees of the Roblox Developer Conference between 2017-2021 may have had their personal data leaked.

News of the data breach was broken on X (previously known as Twitter) by Troy Hunt, creator of the site Have I Been Pwned. Have I Been Pwned allows users to search their name and details to see if they have been leaked in any data breaches. 

In an anonymous message sent to Hunt, a source said that all those who attended the Roblox Developer Conference had their data leaked. According to the source, the data accessed during the cyber attack included full names, birth dates, email, home and IP addresses and phone numbers. The source also said that the data had been posted online.

The source said they discovered the leak when “some Turkish person” contacted them via Whatsapp after searching their username. They checked Have I Been Pwned to see if they had been the victim of a data leak, but it did not appear they had been. Following this, the source contacted Hunt to ask him to include details of the data breach on the site.

Another source contacted Hunt about the data leak. The source backed up information already sent to Hunt, while also alleging that Roblox never publicly or internally disclosed the data leak, meaning those affected were not informed about the cyber attack. 

The source said the leak had been re-published online recently, where it had been garnering “significant attention” from both malicious and non-malicious parties. The source alleged that this re-publishing of stolen data had seen “high-profile users” receive “malicious calls, texts and emails”. 

On July 20, Roblox addressed the data leak, saying to Hunt that the company had contacted everyone affected.  

Concerning the data leak notifications, Roblox said that: “Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else.” 

On July 24, a Roblox spokesperson reached out to Cyber Security Hub regarding the data leak, saying: "Roblox is aware of a third-party security issue where there were indications of unauthorised access to limited personal information of a subset of our creator community. We engaged independent experts to support the investigation led by our information security team.

"Those who were impacted have received an email communicating the next steps we are taking to support them. We will continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third party vendors."

Upcoming Events


Digital Identity Week

09 - 10 September, 2025
Sydney, Australia
Register Now | View Agenda | Learn More

MORE EVENTS