
Nearly a million Roblox accounts have allegedly been leaked on a cybercriminal forum.
Nearly 900,000 Roblox accounts have allegedly been leaked on a known cybercriminal forum. Roblox is a massive game platform where users, primarily kids and teenagers, create, share, and explore user-generated 3D games. Over 85 million users log in to the platform daily, many of whom are children.
The dump supposedly comes from “stealer logs” – a byproduct of infostealing malware that quietly siphons sensitive data from infected machines, often targeting crypto wallets and login sessions.
Infostealers are fast-spreading malware, often sold as malware-as-a-service (MaaS) on cybercriminal channels.
Once they infect a system, usually through a malicious download or phony game mod, they scrape everything from browser credentials to Discord tokens, or, as may have happened in this case, Roblox logins.
Then, the data is packaged into a “stealer log,” a compressed folder filled with ready-to-use digital loot, and shipped off to an attacker’s command-and-control server.
Stealer logs are sold, traded, or dumped en masse, often labeled by target and date. So when someone says “900K Roblox accounts were leaked,” it likely means the credentials were scraped from infected users' machines and dumped together, rather than obtained through any systemic hack of Roblox infrastructure.
Still, it’s dangerous. If proven to be true, such a dataset would be a goldmine. Many players link their accounts to payment methods, purchase in-game currency (Robux), or connect with friends across games and servers – all of which can be monetized or abused.
Cybernews has not been able to independently verify the leaked data. A comment from Roblox has yet to be received.
Be careful, infostealers are everywhere
Infostealers have become the malware of choice for cybercriminals who want fast, scalable payouts. They don’t need elite hacking skills – just a bit of social engineering to lure victims into downloading and executing free cheats, pirated games and software, or fake Chrome extensions.
A report by cybersecurity firm Flashpoint reveals that 75% (2.1 billion) of the 3.2 billion credentials stolen in 2024 were harvested via infostealers.
What you can do if you play Roblox (or your kids do)
- Use antivirus software that can detect and remove stealers.
- Avoid downloading game mods or cheats from unofficial sources.
- Create strong passwords with tools such as a password generator.
- Scan your system for malware if you’ve downloaded sketchy stuff in the past.
- Check your credentials on leaked data tracking tools such as a personal data leak check or a password leak check.