More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- U.N. cybercrime treaty faces new scrutiny
July 29, 2024
U.N. member states meet Monday seeking to finalize an international treaty on the fight against cybercrime, a text strongly opposed by an unlikely alliance of human rights groups and big technology companies. The “United Nations Convention Against Cybercrime” originated in 2017 when Russian diplomats sent the world body’s secretary-general a letter outlining the initiative. Two years ...
- Millions more victims exposed in debt collection agency data breach
July 29, 2024
It seems that the data breach at the debt collection agency Financial Business and Consumer Solutions (FBCS) was a lot bigger than initially thought. After first reporting some 1.9 million victims, the company now says that more than 4.2 million were actually affected. In late April, it was reported that FBCS suffered a cyberattack two months ...
- Georgia: Columbus hit by data breach, officials say not considered ransomware incident
July 29, 2024
Columbus experienced a data breach last Wednesday, the same day as an internet outage, city officials say. The only information believed to have been accessed are employees’ names, work emails and passwords, according to Mike Richardson, the city’s director of security and risk. He said no employee’s personal financial information was compromised. All employee passwords were ...
- Guernsey: Warning after spike in cyber-attacks
July 25, 2024
Authorities have warned organisations to take extra measures to protect their IT systems after a spike in cyber-attacks in Guernsey. The Office of the Data Protection Authority (ODPA) said some Microsoft 365 systems had been compromised by phishing attacks, where someone is tricked into giving out information over email. It warned criminals were becoming increasingly adept ...
- Onyx Sleet uses array of malware to gather intelligence for North Korea
July 25, 2024
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. Microsoft will continue to closely monitor Onyx Sleet’s activity to assess ...
- Pentagon contractor Leidos hit by data breach Internal documents leaked on cybercrime forum
July 25, 2024
Hackers have reportedly leaked internal documents stolen from Leidos Holdings Inc., a company with a significant contract portfolio including the US Defense Department, Homeland Security, and NASA. A person with knowledge of the matter told Bloomberg News that the company believes the documents leaked by hackers were stolen during a previously disclosed breach at Diligent Corporation. ...