More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- This new type of DDoS attack takes advantage of an old vulnerability
May 15, 2018
A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in order ...
- Ex-CIA man named as suspect in Vault 7 leak
May 15, 2018
A former CIA employee has been named as the prime suspect in last year’s dump of thousands of documents on the agency’s hacking practices. A report from The Washington Post cites court documents that name Joshua Adam Schulte as the person authorities think to be behind the massive Vault7 data dump. Read more… Source: The Register
- Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers
May 15, 2018
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. The zero-days where spotted by security researchers from Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, which in turn, had them patched within two months. Anton Cherepanov, ...
- Hackers Steal Millions From Mexican Banks Via Fake Transfers
May 14, 2018
The incident may have been orchestrated by organised criminals, says Mexico’s central bank Cyber-thieves have made off with hundreds of millions of pesos from Mexican banks using the country’s domestic electronic transfer system. The attack is similar to earlier ones that have used the international SWIFT network, prompting the Belgium-based organisation to bring in new security measures. Read more… Source: ...
- GandCrab Ransomware Found Hiding on Legitimate Websites
May 10, 2018
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These, when analyzed, were found to be riddled with vulnerabilities stemming from outdated software, highlighting one ...
- 5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
May 10, 2018
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, ...