Kaspersky cybersecurity experts have discovered 34 million stolen credentials for the online game platform Roblox on the dark web. Identity theft and credential hacks via infostealer attacks continue to increase.
Between 2021 and 2023, almost 34 million login details for the online game Roblox were stolen and published on the dark web. Overall, the number increased by 231 percent from around 4,7 million in 2021 to 15,5 million in 2023. Taken together, data leaks from entertainment platforms such as Twitch, Electronic Arts, Sony PlayStation and Steam increased by 112 percent in the three years to.
Bulk credentials for resale
“The large number of stolen Roblox accounts is explained by the fact that cybercriminals particularly like to target children, as they are very susceptible to various types of social engineering. In order to deceive young players, cybercriminals hide infostealers in cheat code files, for example. Since some malicious download links are also shared on popular social media platforms like YouTube, they appear more credible. As a result, numerous compromised accounts of a game aimed at children have emerged,” explains Yuliya Novikova, Head of Kaspersky Digital Footprint Intelligence.
“The compromised credentials come from infostealers, a special type of malware that steals user access for cyberattacks, dark web sales, or other malicious activities. Infostealers can infect corporate and private devices using, among other things, phishing emails or websites and public web pages with malicious content. Efficient security solutions that protect against infostealer attacks and other malware are therefore becoming increasingly important for private individuals and companies.”
Accounts popular merchandise
“Cybercriminals target gaming accounts to steal valuables such as real money, in-game currencies and various in-game items such as expensive skins. Steam accounts seem to be attractive to cybercriminals because they can steal real money from them. Roblox accounts, on the other hand, can be misused to steal the in-game currency Robux or in-game items, or to access premium accounts that can be used to transfer items to other accounts. Although users should always be vigilant, platform operators can also improve their protection by tracking and quickly blocking compromised accounts using specialized services,” adds Yuliya Novikova.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/