34 Million Roblox Credentials Exposed on Dark Web in Three Years

Written by

Between 2021 and 2023, 34 million credentials from the Roblox gaming platform have been exposed on the dark web, marking a significant increase in cybercriminal activity targeting the platform. 

Notably, the number of compromised accounts has steadily risen, surging by 231% over the past three years, from approximately 4.7 million in 2021 to 15.5 million in 2023.

The figures come from the latest Kaspersky Digital Footprint Intelligence report, which also suggested the average count of compromised accounts across 11 diverse gaming platforms – including Twitch, Electronic Arts, Sony PlayStation and Steam – has surged by 112% since 2021.

According to the security experts, cybercriminals often employ deceptive methods, such as hiding infostealers within cheat code files or sharing malicious download links on popular platforms like YouTube, exploiting the trusting nature of young gamers.

“In some cases, this deception may appear genuine, as malicious download links can be posted on legitimate and popular social media platforms like YouTube. As a result, a significant number of compromised accounts have emerged from a game targeted at children,” explained Yuliya Novikova, a security expert at Kaspersky.

The dynamics of Roblox account compromises in 2021-2023. Source: Kaspersky Digital Footprint Intelligence.
The dynamics of Roblox account compromises in 2021-2023. Source: Kaspersky Digital Footprint Intelligence.

While Roblox account compromises are prevalent, they are not always the primary target for cybercriminals on the dark web. The Kaspersky report suggests that accounts from platforms like Steam, offering the potential for real-money theft, are often more appealing. 

“Criminals target game accounts to steal valuable items, such as real money, in-game currency, and various in-game items, such as expensive skins. Steam accounts seem to be more appealing to cybercriminals due to the potential to find and steal real money on them,” Novikova added.

Read more on these attacks: ChromeLoader Malware Poses as Steam, Nintendo Game Mods

However, Roblox accounts remain susceptible to exploitation for in-game currency and valuable items.

“Roblox accounts can be exploited to steal in-game currency Robux, or to pilfer in-game items, or to gain access to premium accounts that allow items to be transferred to other accounts,” Novikova said. “While users must exercise caution, platform owners can bolster protection by tracking and promptly blocking compromised accounts through specialized services.”

To mitigate the risks associated with password leaks, individuals and organizations are advised to adopt various security measures, including using unique passwords for each service, implementing two-factor authentication where possible and utilizing reliable security solutions.

Image credit: Sergei Elagin / Shutterstock.com

What’s hot on Infosecurity Magazine?