A hacker bribed a Roblox worker to gain access to the back end customer support panel of the massively popular online video game, giving them the ability to lookup personal information on over 100 million active monthly users and grant virtual in-game currency.
With this access, the hacker could see users' email address, as well as change passwords, remove two-factor authentication from their accounts, ban users, and more, according to the hacker and screenshots of the internal system. The screenshots shared with Motherboard include the personal information of some of the most high profile users on the platform.
Beyond just viewing user data, the hacker was able to reset passwords and change user data too, according to screenshots of the customer support panel the hacker shared with Motherboard. The hacker said they changed the password for two accounts and sold their items. One of the screenshots appears to show the successful change of two-factor authentication settings, an extra form of security beyond just a password, on an account, with the panel reading, "Two Step Verification settings updated."