Roblox hacked by employee scam

Today one of the largest video game communities belongs to Roblox. The number of players enjoying the multiplayer platform where users create and share scenarios is estimated to be around 100 million active per month. A large part of the virtual population of the game is children, although the program has fans of all ages.
The security of Roblox when taking into account the massiveness that the game created by David Baszucki has obtained is without a doubt something that must be taken care of and give it attention. We all find ourselves as accustomed users (and sometimes with some annoyance) to create passwords, configure two-step security confirmation, or save secret security questions and answers. In the universe of Roblox players there are all kinds, there are those who do not believe that the account with which they play is important or it is possible to have users with really valuable profiles both for the objects they hold (remember that within the game you can carry out fictitious money transactions (which are obtained with real currency) or by the number of followers they may have. Regardless of who is behind that player profile, any information you share on the internet is sensitive by many factors.
One of the latest news about Roblox is part of the sensitive field of computer security but in this particular case with a methodology that is not what attackers usually work with. The hacker who decided to act in this popular world of cooperative creation decided to achieve his goal through the human factor instead of looking for a fault or generating some kind of malicious code. According to the access door to the information of Roblox users, it was a member of the company staff who was bribed by the intruder.

An unusual attack

Generally speaking, when information about security damages is leaked on the Internet, the words that make up the news and reports refer to elements of systems, malicious codes or what is known as “bugs”. In the attack on Roblox, which from the same company they have admitted, the points on which the hacker leaned to obtain access to the information of millions of users were nothing more than employees of the company.
The attacker got off the ground by paying a Roblox member to provide information and access to user settings panels. Once the act was done, the hacker contacted a customer service representative to bribe him with filtering the information and harm users if he was not paid a specific amount of money. Upon the refusal of the company member, the hack was carried out.
By gaining access to the configuration panels, the attacker was able to view users' emails, obtain and modify passwords, disable two-step verification, sell in-game items, and ban profiles (i.e. remove them from the system). The hacker shared screenshots of the configuration panels of various users, including some of great value (due to the amount of followers and objects they accumulate) such as Linkmon99, the "richest" player in the Roblox world.
From the company based in the United States they reported that a small number were the affected accounts, that they had already been notified of the situation and that from the company they decided to report the actions of the individual to HackerOne (a platform of cybersecurity researchers) to start to an investigation.

The human factor

The protagonist of what will undoubtedly be one of the novelties of Roblox in 2020 stated that the cyber attack he organized did so with the aim of "proving a point". Although the platform represents a world and a virtual system with the best computer security systems, the failure that allowed access to the sensitive information of the players was enabled through a variable that today the machines cannot control, the people issue.
When bribery cases arise for employees who receive money in exchange for harming the workplaces in which they work, they tend to think that the conditions in which they work are not the best and lead them to carry out malicious activities. Another objective may be to want to seek fame or feel important by harming a virtual population as large and important as Roblox. In any case, being people who were part of the attack, it is difficult to decipher the motives that may be behind them, since they can be very varied and unexpected.

By considering that all the systems, games and websites that are used are moderated by humans, the Roblox hack hints at the importance of everyone keeping up to date with security methods to protect themselves and understand that not everything what happens behind the screens is automatic.