Roblox Refuses To Negotiate In Major Extortion Case
"Roblox" is one of the most popular games in the world, and for good reason. It's mainly marketed towards children, but the system offers nearly endless customization and the capability to create games within the game. For example, players quickly helped "Squid Game" make its video game debut in the world of "Roblox," recreating its tortuous games for an online audience. Some creators dedicate entire YouTube channels to "Roblox" content, and professional content creators like Brianna Arsement say that "Roblox" really does it all by encouraging players to unleash their creativity. Over 47 million players log on to "Roblox" daily (via VideoGamesStats). In other words, it's a big business — and one that contains a lot of sensitive player information.
Now, some of that private information has been taken by hackers and used to leverage threats against Roblox Corporation. That might seem like a brilliant hacker plan, considering that many corporations will go to extreme lengths to protect both company information and player data, but Roblox has stated that it doesn't want to engage with those who would try to extort it. The future is unclear for what will happen to Roblox's data, but it's not the only company caught up in the whirlwind. Here's how Roblox responded to the recent data breach, and what was compromised in the attack.
Roblox would not give in
News of the "Roblox" hack began to hit the internet when the apparent hacker uploaded a ton of internal documents from Roblox Corporation online. In light of this, Vice reached out to Roblox for a comment, and received a somewhat surprising answer. "These stolen documents were illegally obtained as part of an extortion scheme that we refused to cooperate with," a Roblox representative said. They continued, explaining that Roblox had hired independent cyber security consultants in addition to its regular security team. While these steps will surely help protect gamers in the future, it's unclear what Roblox plans to do about the present attack. The company hasn't commented on its social media pages or blog about the attack.
According to Vice, the hackers began sharing Roblox's information in retaliation for the company's refusal to comply with their extortion demands. The documents contain personal information of some of the biggest creators in the "Roblox" community, including email addresses and information about how much creators are paid by Roblox to promote its content. Because Roblox refused to negotiate with the hackers, the information was released online, which could result in undue harassment of the creators and employees whose information was leaked.
While some of the documents leaked reveal personal information or sales figures, other alleged internal memos present instructions on how to be a "Roblox" moderator. These list what sort of language is considered discriminatory, along with some examples of potentially offensive language and a numbered chart to rate the severity of the language.
And believe it or not, "Roblox" is not the only game or game developer affected by recent leaks. Here's what we know about other companies affected by recent hacks.
Hacking isn't uncommon, unfortunately
While it's currently unclear who was behind the "Roblox" attack, ALPHV, a.k.a. BlackCat, has made waves in the gaming community by using ransomware to obtain companies' data and use it as leverage in extortion deals. Bandai Namco recently confirmed that it was hacked, revealing that future "Elden Ring" DLC would examine the barbarians mentioned briefly in the game. Bandai Namco also said that some customer information might have been compromised, but it wasn't sure of the extent of the damage done.
It appears that customer data wasn't part of the "Roblox" hack (aside from some sponsored creator information), but it does seem that the hackers used personal threats to obtain internal documents. In Vice's report, a Roblox Corporation spokesperson explained that hackers had used social engineering and personal threats against a specific employee to obtain data. In some ways, the fact that the "Roblox" breach was so specific to an individual makes it more personal and terrifying: a real person was the victim of manipulation.
Data breaches are nothing new in the gaming community, but the fact that a company as huge as Roblox was successfully targeted could cause pause for companies facing similar circumstances in the future. The company has refused to discuss terms with hackers, but ultimately some of its top creators suffered the consequences by having their information leaked.
Of course, not all hacks are inherently malicious. Last year, a group hacked "Apex Legends" for a bizarre reason: to share that "Titanfall" was in cyber danger and resources should be directed to it. However, hat incident also ended up causing even more trouble for the developers the hacker was apparently trying to help.