Hacker Bribes Roblox Worker For User Account Access To Prove A Point To The Company


A hacker attacked some of the richest members of the Roblox community to “prove a point” about the game’s functionality.




A hacker has struck the highly popular free-to-play game Roblox, bribing a worker to gain access to account login and email information, in-game currency, and other personal information. With more than 100 million active monthly users, equating to more than a billion hours of gameplay each month, the implications here are striking.

The intrusion began with the hacker initiating contact and paying an insider to look up information about users. This step was only the beginning of the attack. The next step was to use that information to reach out to a customer service representative and get Roblox to provide access to the accounts. From there, everything from two-factor authentication settings to in-game currency to full account control and information was available.

What would be the motivation for such an attack? In an anonymous interview with VICE, the hacker said this was done “…only to prove a point to them.” Roblox, like many corporations, offers bug bounties to those who identify vulnerabilities that can be fixed, to prevent actual aggressive attacks that could harm or breach users. The hacker did attempt to seek a bug bounty for this attack. Unlike many so-called white hat hackers, this hacker went on to change the passwords of prominent accounts such as Linkmon99 (the richest player in Roblox) and sold items. The hacker elaborated that changing the accounts and selling the items happened only after they “had a feeling the bounty sh*t was gonna go south.”


Strong passwords? Unique email addresses? Two-factor authentication? None of these protected users, highlighting the threat from hackers seeking valuable personal information and in-game items. This was a complex phishing attack, beginning not with a common insider acquaintance, but via the professional social media site LinkedIn. After bribing the employee (and keeping screenshot records of this discussion), the attack resumed. While it is common, and even important, to have an updated LinkedIn profile, users with access to the protected information of others are in an especially vulnerable position to be phished in a similar fashion.

Roblox gave an official statement on the incident, noting that the very small number of users who were affected were notified, and that action was taken to address the issue. The team at Roblox went on to elaborate that the issue was escalated to HackerOne, their official bug research program for identifying vulnerabilities to protect users.

Source: Vice



Link Source : https://www.thegamer.com/hacker-bribes-roblox-employee-account-access/
