Roblox Breach

Incident Overview       

On 16 June 2025, a file labelled “Roblox Breach - Jan 1 2022” began circulating on multiple leak-sharing forums.        
The archive lists 71,692 account rows and appears to be an export from Roblox’s internal user-lookup system rather than public-profile scraping.       
Twitter user @Dynabroth reports the dump was initially sold behind a paywall, then reposted for free, and that it focuses on high-value accounts (≥ 100 k RAP traders and “Epic Face” owners).        
       
       

Discovery and Containment       

Because the records are time-stamped 1 Jan 2022 yet surfaced in mid-2025, the actual compromise likely occurred years earlier.        
Multiple dark-web posts claim a threat actor bribed customer-support staff to run privileged queries against Roblox’s private user-lookup API, then hoarded the data until now.        
Roblox Corp. has not confirmed that narrative or described containment steps such as password resets or session revocations.       
       

Impact on Players       

• Credential takeover & reuse - If passwords (hashed or plaintext) are included, attackers can seize Roblox accounts and other services where the same login is reused.        
• Targeted phishing - Email addresses tied to high-value inventories enable convincing fake security-alert or trade-offer scams.        
• Social engineering - Moderation status or Robux balance data helps attackers craft believable support impersonation chats.       
         

Roblox’s Ongoing Investigation       

Roblox has yet to confirm the leak’s authenticity or scope.        
       

What you should do now       

1. Change your Roblox password immediately-and anywhere else you reused it.        
2. Enable Two-Step Verification (Settings → Security).        
          
   This brief will be updated as Roblox releases additional technical details or remediation guidance.