More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Multi-Gov Task Force Plans to Take Down the Ransomware Economy
April 29, 2021
Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model. The Institute for Security and Technology (IST) put together the coalition, which includes more than 60 members from software companies, government agencies, cybersecurity vendors, financial ...
- Chase Bank Phish Swims Past Exchange Email Protections
April 28, 2021
Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to contain a credit card statement, while the other informs users that their ...
- Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability
April 27, 2021
In January, Trend Micro researchers encountered a new ransomware using .hello as its extension in one of our cases that possibly arrived via a SharePoint server vulnerability. This appeared to be a new ransomware family dubbed as the Hello ransomware (aka WickrMe), named after the chat application that was used to contact the cybercriminals responsible. Previous ...
- FBI shares 4 million email addresses used by Emotet with Have I Been Pwned
April 27, 2021
Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency’s effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware. Read more… Source: ...
- DC Police confirms cyberattack after ransomware gang leaks data
April 26, 2021
The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital. In a statement to BleepingComputer, the DC Police stated that they are ...
- A specially crafted update is deleting Emotet botnet malware from infected PCs
April 26, 2021
A specially crafted update created by law enforcement has triggered the process of removing the Emotet botnet malware from 1.6 million infected computers around the world. Emotet was thought to be the world’s largest botnet, known for spewing millions of malware-laden spam emails each day. Law enforcement in the US, Canada and Europe conducted a coordinated ...