More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Verizon notifies prepaid customers their accounts were breached
October 18, 2022
Verizon warned an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks. “We determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account,” ...
- Defenders beware: A case for post-ransomware investigations
October 18, 2022
Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, DART researchers detail a recent ransomware incident in which the attacker used a ...
- The benefits of taking an intent-based approach to detecting Business Email Compromise
October 18, 2022
Business email compromise (BEC) is one of the most financially damaging online crimes. As per the internet crime 221 report, the total loss in 2021 due to BEC is around 2.4 billion dollars. Since 2013, BEC has resulted in a 43 billion dollars loss. The report defines BEC as a scam targeting businesses (not individuals) ...
- Malware dev claims to sell new BlackLotus Windows UEFI bootkit
October 17, 2022
A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups. UEFI bootkits are planted in the system firmware and are invisible to security software running within the operating system because the malware loads in the initial ...
- Phishing works so well crims won’t bother with deepfakes, says Sophos chap
October 17, 2022
Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. “The thing with deepfakes is that we aren’t seeing a lot of it,” Sophos researcher John Shier told El Reg last week. Shier said current deepfakes – AI generated videos that mimic humans – aren’t the ...
- Deadbolt ransomware: Police tricked ransomware gang into handing over its decryption keys. Here’s how they did it
October 17, 2022
Police tricked a ransomware gang into handing over decryption keys, providing victims with the ability to unlock their encrypted data for free. Working alongside cybersecurity company Responders.NU, the Dutch National Police obtained 150 decryption keys from ransomware group Deadbolt. With the decryption keys now in the hands of law enforcement, some victims of Deadbolt ransomware attacks can ...