Roblox users warned: 50 million login records are up for sale on the dark web

A threat actor claims to be selling a trove of Roblox credentials, likely harvested directly from users by infostealer malware. The database, which allegedly contains 50 million records, is listed for $777, according to Brinztech, a cybersecurity firm.
Brinztech’s cybersecurity intelligence identified the “high-priority listing” on March 8th, 2026. The cybercriminals are selling account credentials, claiming that the passwords and usernames are in cleartext or weakly hashed.
The data also allegedly includes direct URL login paths that can be used to bypass certain basic security checks.
The leak has not yet been officially confirmed. Cybernews has reached out to Roblox and will include its response.
“This incident follows a massive January 2026 infostealer leak – uncovered by researcher Jeremiah Fowler – which exposed nearly 150 million unique logins across multiple platforms, including millions of Roblox accounts,” reads the Brinztech report on 50 million login records allegedly for sale.
The researchers explain the “significantly low price point” as a tactic often used by threat actors to achieve rapid “burn sales” of fresh data, before security teams can force platform-wide resets.
If the claims are true, Roblox's largely young user base could face significant risks, the most severe of which is the mass hijacking of accounts and theft of virtual assets with real-world monetary value.
Roblox developers – game creators – earn real-world income on the platform and are high-value targets for attackers.
“Compromising a developer account can lead to the theft of thousands of dollars in pending earnings and the injection of malicious code into popular ‘experiences,’” the report warns.
Brinztech also warns players that scammers who possess usernames and login URLs are likely to launch highly convincing phishing attacks.
“A child is significantly more likely to trust a notification regarding a ‘gift of 10,000 Robux’ if the message correctly identifies their specific account details,” the report reads.
The hackers might also attempt to reuse leaked credentials to hijack accounts on other services, such as Google or Netflix.
The security firm recommends immediate password rotation, signing out of all other sessions, enforcing multi-factor authentication, and treating any unsolicited communication related to Roblox with extreme caution.
The data might originate from users themselves
In January, Fowler uncovered a data leak with 149 million logins and passwords. In a report shared with ExpressVPN, the security researcher detailed that a massive 96GB data chest contained credentials for Facebook, Instagram, TikTok, X, as well as other popular apps, including Roblox.
“The database appeared to store keylogging and ‘infostealer’ malware, a type of malicious software designed to silently harvest credentials from infected devices,” Fowler said.
The infostealer logs were left completely unprotected and publicly accessible on a cloud database.