A hacker bribed a Roblox ‘insider’ to sell sensitive information about users of the platform, including YouTubers and children.
We are accustomed to seeing classic movie hackers in American films using breakthrough techniques straight out of science fiction. But sometimes a hacker doesn’t need to break through security barriers by hitting random keys on a keyboard. Sometimes you only need to talk to the right person.
This is what happened in a massive leak of user data from Roblox, one of the most popular video games among children today.
A hacker explained to Motherboard that he bribed an ‘insider’, a person with privileged access to the platform, to get hold of sensitive data.
Important data with an important incentive: control over it.
Thanks to the bribery, the hacker was able to access the video game’s customer service panel, and thus see email addresses, remove users’ 2-factor authentication, change passwords and even ban players.
A Roblox hacker was in control
According to what the hacker told Motherboard, he simply had to bribe a customer service representative.
The hacker has turned out to be a white-collar one, since he himself admits that he did not intend to make malicious use of this data, but simply to prove “a theory”.
He provided photos proving the leak, which also made it clear that he took advantage of multiple players.
He tried to claim a reward for discovering this “bug” and, seeing that this was not going to happen, he changed passwords, sold in-game items, and disabled 2-step verification for multiple accounts.
A Roblox spokesperson was quick to address the issue and inform affected players. “We immediately took steps to address the issue and individually notified the very small number of customers that were affected,” he explained.
It is true that the hacker caused little damage, but the incident raised the debate over whether the human barrier is sufficient to contain these kinds of leaks.
Is a human barrier enough?
The Roblox spokesperson has given assurances that steps will be taken “to address the issue and notify the very small number of affected customers individually.” However, while the extent of the leak is unclear, the issue largely came down to money.
And this is where the problem lies.
The hacker had no shame when it came to “taking advantage” of the system, that’s true, but let’s remember that he didn’t have to circumvent any type of security control.
He simply had to pay someone to search for user data and have them redirect him to a customer service representative. After a failed attempt to collect a reward for bugs (which do not exist), he acted maliciously.
Therefore, we are not facing a software problem or anything like that, but a poorly paid worker.
These workers have inevitably become a line of defense against this type of hacker, and poor working conditions can directly affect a service’s users when the very conditions that led to leaks like this one are met.
The Roblox spokesperson has said that he will also ask HackerOne to investigate this hacker. However, Roblox’s biggest concern is that the tactic of bribing workers with access to sensitive data will become the norm.
Last year, a hacker compromised a Microsoft customer support account, something that the firm did not admit until it was discovered that the hacker could read Hotmail and Outlook accounts without problems.