More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Estonia hit by ‘most extensive’ cyberattack since 2007 amid tensions with Russia over Ukraine war
August 17, 2022
Estonia was subject to “the most extensive cyberattack” since 2007, the Baltic state’s government said on Thursday, a day after it started removing Soviet-era war monuments from public areas in the wake of Russia’s February invasion of Ukraine. The Russia-based and pro-Russia hacker group Killnet said on the messaging app Telegram that it was responsible for ...
- Switching side jobs: Links between ATMZOW JS-sniffer and Hancitor
August 17, 2022
The hacker group ATMZOW and its JavaScript-sniffer became known in 2020, thanks to the Malwarebytes researchers, when the group installed a JS sniffer on a website that was collecting donations for victims of the Australia bushfires. However, based on a specific obfuscation technique used by the group, we can track its activities back to 2015 as ...
- BlackByte ransomware gang is back with new extortion tactics
August 17, 2022
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit. After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. The data leak site only includes one ...
- North Korean hackers use signed macOS malware to target IT job seekers
August 17, 2022
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. While it is no surprise that they’re targeting workers at Web3 companies, details about this specific social engineering campaign so far were limited to malware for the Windows ...
- Hackers attack UK water supplier but extort wrong company
August 16, 2022
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn’t impact the supply of safe water to its customers ...
- Attacker’s psychology: what to consider when defending against DDoS attacks
August 15, 2022
Although DDoS attacks are mainly carried out with bots, the initiators and coordinators of the attacks are humans. The nature of the attacks, their intensity and duration largely depend on their motivation and behaviors. According to StormWall researchers observations, attackers who launch DDoS attacks almost always want to ensure that their efforts have been successful and ...