This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Roblox Developer Conference

Summary

Roblox announced on 24 July 2024 that attendees of the 2022, 2023, and 2024 Roblox Developer Conference were impacted by a data breach at FNTech, the third-party vendor handling conference registrations. The breach exposed names, email addresses, and IP addresses of 10,386 conference attendees after someone gained unauthorized access to FNTech's systems. The breach was first reported by Have I Been Pwned on 4 July 2024.

What Happened

FNTech, the vendor responsible for handling registration for Roblox Developer Conferences from 2022-2024, suffered a security breach that exposed attendee registration data. An unauthorized party gained access to FNTech's systems and exfiltrated conference registration information. The breach was specific to the conference registration data held by the third-party vendor and did not impact Roblox's main gaming platform systems or user accounts.

Impact on Individuals

The breach exposed conference attendee information including:

  • Complete names
  • Email addresses
  • IP addresses

According to Have I Been Pwned, 63% of the 10,386 exposed email addresses (approximately 6,500) had never been in a data breach before. Affected individuals should:

  • Be alert for phishing emails targeting game developers
  • Watch for targeted attacks using knowledge of their attendance at developer conferences
  • Be cautious of scam attempts exploiting their connection to Roblox development
  • Monitor for potential use of their information in social engineering attacks

The exposure of IP addresses combined with names and emails could enable geolocation and more targeted attacks against game developers.

Organisational Response

Roblox engaged independent experts to support the investigation led by their information security team. The company notified affected conference attendees and emphasized that the breach was isolated to the third-party registration vendor (FNTech) and did not affect Roblox's main platform systems. While Australian developers may have attended these conferences, the incident primarily affected the international Roblox developer community.

Verification Source: View original statement