What Happened
In July 2016, Roblox suffered a data breach when hackers compromised a staff account to access the customer service admin panel on a test site, which contained a full copy of the production database from 2012, exposing data on approximately 100,000 users (with around 50,000-52,500 records publicly leaked). The stolen information included email addresses, usernames, IP addresses from login logs, Robux account balances, and transaction logs (excluding full credit card numbers). Roblox detected the intrusion, halted it, issued a security update, temporarily shut down the in-game economy, forced password resets for affected users, and introduced two-factor authentication for the first time. The leaked data later enabled account takeovers and other exploits.
