Kaspersky security expert explains gaming platform Roblox leaked documents

Gaming platform Roblox has recently discovered its users’ data being leaked online following its refusal to give in to an online extortion effort by an unknown cybercriminal. The leaked documents (totaling up to 4 gigabytes) apparently include spreadsheets and emails as well as users’ personal data.

Roblox has admitted not complying with the hacker’s payment demands for the latter to return the inappropriately obtained information. The hacker recently posted the information on a dark web forum.

Roblox is among the biggest gaming platforms globally. It has over 37 million daily users. It allows creators to create their own games within the Roblox universe and eventually monetize those. Thus, it has become a popular gaming venue for gamers (most are minors or children) and developers alike.

Kaspersky Online Child Safety Department Head Andrey Sidenko

In line with this issue, a security expert at Kaspersky has issued a statement to discuss how cyber threats can affect users, especially children in the gaming space, and how users can possibly protect their selves. Kaspersky’s Andrey Sidenko (Online Child Safety Department Head) shares insights:

“Roblox is an online gaming platform that allows users to create their own game simulations and virtual locations, where they can play in different locations themselves or invite other users. There are both harmless and very popular locations, where users can choose a pet and take care of it, or go through an obstacle course with their characters. The genres of such games are almost unlimited and the number of daily active users was 50 million by the end of 2021, most of which were school-aged children.


However, in the game world they may also meet fraudsters, who can either be members of the selected playthrough or even be its authors. Threats from them can come both inside the game world – they often show aggression, deception or intimidation. For example, the theme of the Roblox game world might be used to create phishing resources in order to steal login and password from the account and further withdraw funds from the victim; or under the guise of in-game currency (Robux) users can be offered to register with a real name or pay for a “no-lose lottery,” participation in which will bring nothing but loss of money.


Although Roblox has a system of content moderation, you should not rely on it completely. It can be especially dangerous for school children, who due to their lack of experience may not be aware of many cybersecurity rules.


Here are a few rules to help not only protect your data, but also not to find yourself in a location that can harm you or your children psychologically.


1. Do not share your real name, place of residence, school, or other personal information that can help attackers identify you in the real world;


2. Only chat with those users who you know personally; do not chat with strangers in Roblox or anywhere else;


3. Use a complex and unique password and always end the session at the end of the game, especially if you choose to connect from an unfamiliar device. Don’t forget to use two-factor authentication;


4. Roblox is using internal content monitoring system and if you come across any unwanted ads, cheating, online grooming, different types of harassment, or aggression towards you or other users you should report it to the moderators;


5. Critically evaluate the information you encounter in the game world. Abusers may use a variety of techniques, including social engineering. For example, they may offer you a reward in the form of in-game currency (Robux) for detailed information about yourself. If someone offers you this, then in all likelihood it’s cheating and the fraudster clearly has “own interests”.


6. Use antivirus solutions and parental control programs to be sure that your child can use the Internet safely.”