The motherboard reports that a hacker had bribed a Roblox insider to access the data of more than 100 million users.
“I only did it to prove a point to them,” the hacker told Motherboard during an online chat. The motherboard has granted anonymity to the hacker to speak more frankly about a criminal incident.
Beyond simply viewing user data, the hacker was also able to reset passwords and modify user data. […] The hacker said he changed the password for two accounts and sold his items. One of the screenshots appears to show the successful modification of two-factor authentication settings […]
Prove a point my a **. This person attempted to claim a bug premium from Roblox. They denied it because he / she acted “with more malice than a legitimate security researcher”. He soiled the accounts after the denial, so his point was revenge.
Update: A Roblox spokesperson informed me that only a small number of customers were affected, not 100 million, and immediate steps were taken to resolve the problem. In addition, he was a Roblox insider and not an employee.