• DeltaTangoLima@reddrefuge.com
    link
    fedilink
    arrow-up
    12
    ·
    1 year ago

    Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn’t spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.

    “Roblox has now contacted everyone affected," said the company in a statement sent to Hunt. >>>

    So they definitely knew about it, and definitely weren’t going to do anything about it, until it became more widely known. Yet another reason to hate this horrible, stupid company. I so wish I could convince my daughter to drop Roblox. I’ve even offered to pay for a private Minecraft server for her and all her friends.

      • DeltaTangoLima@reddrefuge.com
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I’m no expert but, in my brief searching shows that in California where Roblox is incorporated, it seems they are required to notify any California residents if their data was breached, and the state Attorney General if it was 500+ residents.

        Searching the AG’s website turns up nothing for Roblox.

        I guess it’s entirely possible no CA residents were involved but, given the conference was held in San Francisco, I find that very implausible.

        • Anticorp
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Why on earth would there be a minimum person count? So it’s totally cool to not let 499 people know that their data was stolen? California, man!

  • Smatt@lemmy.ca
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    Including t-shirt sizes! That’s a new one. Identity theft mannequins with accurate bellies?!?

    ???

    Profit!

  • GorgeousDumpsterFire@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    The website haveibeenpwned says the original breach date was 18 December 2020, with the information becoming available on 18 July 2023, with a total of 3,943 compromised accounts. The site notes that as well as all the above information, the leak even includes each individual’s t-shirt size.

    Looks like someone in charge of organizing that event got phished. This seems like the type of info that can fit into an excel sheet.