Three Arrested for Hacking Over 610,000 Roblox Accounts

News

Written by

Photo of Danny Palmer

Danny Palmer

Deputy Editor, Infosecurity Magazine

Police have arrested three people suspected of hacking the accounts of over 610,000 Roblox users.

The Prosecutor General’s Office of Ukraine said that a 19-year-old from Drohobych and a further two individuals aged 21 and 22 have been arrested for their suspected involvement involvement in the phishing and malware scheme.

According to the investigation, between October 2025 to January 2026, the hackers accessed over 610,000 online game platform Roblox accounts.

This access was used to check what in-game items and how much ‘Robux’ account users owned. Robux is the is the in-game currency of Roblox, which players can use real money to buy. Robux gift cards are available for purchase through official Roblox sources and can cost as much as $199.99.

Some of the rarest in-game items in Roblox are traded for thousands of dollars on third-party exchanges. That means that access to stolen accounts of those ‘elite’ users who own rare items could prove extremely lucrative to thieves.

As part of the scheme, the attackers identified at least 357 accounts as high-value elite accounts, and access to them sold on Russian websites in exchange for payments in cryptocurrency. Authorities believe that the group made over $225,000 from selling these accounts.

According to the National Police of Ukraine, the hackers used social engineering lures which claimed to offer Robox players in-game bonuses. However, what the players received was infostealer malware, which stole usernames, passwords and tokens, which provided the attackers with access to the accounts.

Working with the cyber police and the Security Service of Ukraine, the Prosecutors of the Lviv region conducted searches at 10 properties associated with those suspected of conducting the criminal activity.

These searches resulted in the seizure of computer equipment, storage devices, mobile phones, bank cards, handwritten notes, plus over €2,500 and nearly $35,000.

The investigation is ongoing and police said that analysis of the seized devices is underway.

If found guilty of distributing the malware and stealing accounts, the defendants face up to 15 years in prison.

Infosecurity has contacted Roblox for comment.

Image credit: Miguel Lagoa / Shutterstock.com

You may also like

  1. Red October cyber-espionage campaign used highly sophisticated infiltration techniques

    News

  2. Five Security “Gotchas” for MSPs

    Opinion

  3. Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

    News

  4. AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike

    News

  5. Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

    News

What’s Hot on Infosecurity Magazine?