More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- “.Zip” top-level domains draw potential for information leaks
June 13, 2023
As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way ...
- Two Prudential companies in Malaysia affected by MOVEit data-theft attack
June 13, 2023
Prudential Assurance Malaysia Bhd (PAMB) and Prudential BSN Takaful Bhd (PruBSN) have confirmed that they have been affected by the global MOVEit data-theft attack, “where a zero-day vulnerability was exploited.” The two insurance companies said that as soon as they became aware of the breach, “we took action to isolate the affected server while the incident ...
- MOVEit Vulnerabilities: What You Need to Know
June 12, 2023
Extortion actors have been actively exploiting a recently patched vulnerability in MOVEit Transfer, a file-transfer application that is widely used to transmit information between organizations. The nature of the software affected means that attackers can exploit unpatched systems to mount a supply chain attack against multiple organizations. While the original vulnerability (CVE-2023-34362) was patched on May ...
- UK media watchdog Ofcom data downloaded in cyber-attack
June 12, 2023
Media watchdog Ofcom has confirmed that it is a victim of a cyber-attack by hackers linked to a notorious Russian ransomware group. Confidential data about some companies regulated by Ofcom, and personal information from 412 employees was downloaded during the mass hack. A number of firms, including British Airways, the BBC and Boots, have been affected ...
- Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency
June 12, 2023
Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to occupy cybercriminals. One of the latest additions to this phenomenon is the multi-stage ...
- Ireland: Fresh cyber attack impacts HSE
June 9, 2023
The Health Service Executive (HSE) has been impacted by a fresh cyber attack. Work is ongoing to determine the impact on HSE data following the attack which has been as criminal in nature and international in scale. But no patient data is believed to have been accessed at this stage. Read more… Source: The Irish News