More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Royal Mail’s recovery from ransomware attack will cost business at least $12M
November 16, 2023
Royal Mail’s parent International Distributions Services has revealed for the first time the infrastructure costs associated with its January ransomware attack.… LockBit’s attack has driven costs up across various areas of the Brit business, but improvements to the corporation’s Heathrow Worldwide Distribution Centre – the target of the attack – will cost the biz £10 million ...
- Investigating the New Rhysida Ransomware
November 15, 2023
The Rhysida group was first identified in May 2023, when they claimed their first victim. This group deploys a ransomware variant known as Rhysida and also offers it as Ransomware-as-a-service (RaaS). The group has listed around 50 victims so far in 2023. The investigation conducted by the FortiGuard IR team and MDR team uncovered some of ...
- 9 million patients had data stolen after US medical transcription firm hacked
November 15, 2023
Close to nine million patients had highly sensitive personal and health information stolen during a cyberattack on a U.S. medical transcription service earlier this year, representing one of the worst medical-related data breaches in recent times. The medical transcription company, Perry Johnson & Associates, or PJ&A, is a Henderson, Nevada-based company that provides transcription services to ...
- Executing from Memory Using ActiveMQ CVE-2023-46604
November 15, 2023
Huntress Labs, Rapid7, and ArticWolf all recently published reports of threat actors exploiting ActiveMQ CVE-2023-46604 to drop ransomware onto the victim host. The attackers used CVE-2023-46604 to invoke cmd.exe followed by curl.exe or msiexec.exe in order to download and execute their ransomware. The attackers were very obvious and caught the aforementioned companies’ attention, all of which ...
- #StopRansomware: Rhysida Ransomware
November 15, 2023
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the MultiState Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known Rhysida ransomware IOCs and TTPs identified through investigations as recently as September 2023. Rhysida – an emerging ransomware variant – has predominately been deployed against the education, ...
- Over two million users hit by top US pharmacy provider data breach
November 15, 2023
Truepill, formerly known as Postmeds, suffered a data breach that resulted in sensitive data on more than 2.3 million patients being stolen. The US Department of Health and Human Services Office for Civil Rights breach portal listed Truepill (or rather Postmeds) as being under investigation for a data breach that affected a total of 2,364,359 people. Read ...