More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA, FBI, and NSA Release Conti Ransomware Advisory To Help Organizations Reduce Risk Of Attack
September 22, 2021
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware. CISA ...
- Phishing-as-a-service operation uses double theft to boost profits
September 22, 2021
Microsoft says BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. The threat actor behind BulletProofLink (also known as BulletProftLink and Anthrax) provides cybercriminals with various services, ranging from selling phish kits and email templates to providing ...
- RaidForums data marketplace accidentally exposes private staff page
September 22, 2021
Underground marketplace and hacker forum, RaidForums, recently exposed internal pages from its website, meant for staff members only. RaidForums is a data breach marketplace where threat actors often sell or leak illicitly obtained data dumps. Read more… Source: Bleeping Computer
- Epik Confirms Hack, Gigabytes of Data on Offer
September 21, 2021
Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves with the Anonymous hacktivist collective label said that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. “On September 15, we confirmed that ...
- Malicious PowerPoint Documents on the Rise
September 21, 2021
McAfee Labs have observed a new phishing campaign that utilizes macro capabilities available in Microsoft PowerPoint. In this campaign, the spam email comes with a PowerPoint file as an attachment. Upon opening the malicious attachment, the VBA macro executes to deliver variants of AgentTesla which is a well-known password stealer. These spam emails purport to be ...
- VoIP.ms phone services disrupted by DDoS extortion attack
September 20, 2021
Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that’s severely disrupting the company’s operation. VoIP.ms is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world. Read more… Source: Bleeping Computer