More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- DNA testing biz vows to improve infosec after criminals break into database it didn’t know it had
February 20, 2023
A DNA diagnostics company will pay $400,000 and tighten its security in the wake of a 2021 attack where criminals broke into its network and swiped personal data on over two million people from a nine-year-old “legacy” database the company forgot it had. The genetic testing firm, DNA Diagnostics Center (DDC) reached a settlement deal with ...
- Royal Ransomware expands attacks by targeting Linux ESXi servers
February 20, 2023
Ransomware actors have been observed to expand their targets by increasingly developing Linux-based versions. Trend Micro predicted in September 2022 that ransomware groups will would increasingly target Linux servers and embedded systems in the coming years after detecting a double-digit year-on-year (YoY) increase in attacks on these systems in the first half of 2022. In May ...
- GoDaddy joins the dots and realizes it’s been under attack for three years
February 20, 2023
Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020. The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file ...
- Suffolk County starting to restore online services amid months-long cyberattack
February 18, 2023
Suffolk County has been suffering through a massive cyberattack for months, but progress has been made to restore security. Social security numbers of 26,000 county employees and drivers license numbers of 470,000 were exposed or accessed. Read more… Source: MSN News
- Norway finds a way to recover crypto North Korea pinched in Axie heist
February 17, 2023
Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea. The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim) has called the seizure ...
- Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
February 16, 2023
Symantec, by Broadcom Software, has observed a new malware that abuses a feature of Microsoft’s Internet Information Services (IIS) to deploy a backdoor onto targeted systems. The malware, dubbed Frebniis (Backdoor.Frebniis), was used by a currently unknown threat actor against targets in Taiwan. Read more… Source: Symantec