Roblox hacker enabled by insider threats; expert offers tips to curb rogue employees

by Cyber360 News
May 6, 2020
in Data Breach

A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox — illustrating why companies must be on the lookout for employees who fit the mold of an insider threat.

The unnamed hacker told Motherboard that they paid one insider to perform user data lookups for them, and then later phished an unwitting customer support representative in order to access the back-end system. The actor reportedly backtracked at one point and blamed their access on an exploited vulnerability, but Roblox later stated that social engineering was, indeed, involved.

By entering the system, the hacker reportedly had the ability to view gamers’ email addresses, change their passwords, remove two-factor authentication protections, ban users and more. The individual reportedly demonstrated this by changing the password for two accounts and selling off their items.

These developments are especially concerning because Roblox is a highly popular online game platform and game creation system with 100 million monthly active users, many of whom are children looking for entertainment while stuck at home due to the COVID-19 pandemic.

Unfortunately, the actions of two Roblox employees apparently helped the hacker expose these users. While it can be difficult to stop insiders from causing security breaches, one expert advised SC Media on steps companies can take to reduce the risk of employees being bribed or phished.

“In terms of quantity, phishing attacks are much more common than bribery. However, you would be surprised how often [bribery is] happening. It is especially common with outsourced developers, third-party contractors and employees who are new to an organization,” said Matt Radolec, director of security architecture and incident response at data security and insider threat detection company Varonis Systems. “In one case, we identified an outsourced developer who accepted a bribe to modify a single API query to exfiltrate the information from the query both to the maker of the query and to the organization doing the bribing.”

To guard against these incidents, “Organizations should track employee performance and satisfaction to monitor for insider threats. From our experiences, insiders will have more than one warning indicator that they are susceptible to a bribe,” Radolec continued. “For instance, accessing large amounts of data they wouldn’t typically, trying to access executive mailboxes or pay/salary information.”

If these preventative measures don’t help pinpoint potentially dangerous or negligent employees, then there are also safeguards companies can introduce to detect harmful behaviors more quickly. Radolec suggested that companies leverage behavior analytics in order to get a sense of which files, folders, sensitive data and devices employees typically use, and how users consume perimeter resources.
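An added example (not from the article, Roblox or Varonis) of the behavior-analytics idea described above: baseline each support agent's own daily lookup volume and flag departures from it, and flag any agent who both removes two-factor authentication and changes the password on the same account. The log schema, action names and thresholds are assumptions, and the records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records: (day, agent, action, account). Field names and
# action labels are assumptions, not any real support tool's schema.
def sample_log():
    rows = []
    for day in range(1, 8):                      # seven baseline days
        for agent, n in (("agent_a", 20), ("agent_b", 22)):
            n += day % 3                         # small day-to-day variation
            rows += [(day, agent, "lookup", f"acct{day}_{i}") for i in range(n)]
    # Day 8: agent_b looks up far more accounts than usual
    rows += [(8, "agent_a", "lookup", f"acct8_{i}") for i in range(21)]
    rows += [(8, "agent_b", "lookup", f"bulk_{i}") for i in range(140)]
    # Day 8: agent_a strips 2FA and resets the password on one account
    rows += [(8, "agent_a", "remove_2fa", "acct8_3"),
             (8, "agent_a", "change_password", "acct8_3")]
    return rows

def volume_anomalies(rows, today, sigmas=3.0, floor=10):
    """Agents whose distinct-account count today exceeds their own baseline."""
    seen = defaultdict(lambda: defaultdict(set))   # agent -> day -> accounts
    for day, agent, action, account in rows:
        if action == "lookup":
            seen[agent][day].add(account)
    flagged = {}
    for agent, days in seen.items():
        history = [len(a) for d, a in days.items() if d < today]
        if len(history) < 3:                       # too little history to baseline
            continue
        limit = mean(history) + max(sigmas * pstdev(history), floor)
        count = len(days.get(today, ()))
        if count > limit:
            flagged[agent] = (count, round(limit, 1))
    return flagged

def takeover_patterns(rows, today):
    """(agent, account) pairs with both 2FA removal and password change today."""
    acts = defaultdict(set)
    for day, agent, action, account in rows:
        if day == today:
            acts[(agent, account)].add(action)
    return sorted(k for k, v in acts.items()
                  if {"remove_2fa", "change_password"} <= v)

if __name__ == "__main__":
    log = sample_log()
    print(volume_anomalies(log, today=8))
    print(takeover_patterns(log, today=8))
```

The `floor` parameter keeps agents with very steady workloads from being flagged over a handful of extra lookups; in practice both alerts would be checked against an open support ticket for the account before escalation.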

Per Motherboard, a Roblox spokesperson commented on the hack, stating: “We immediately took action to address the issue and individually notified the very small amount of customers who were impacted.” The spokesperson also noted that the incident was reported to Roblox’s official vulnerability disclosure platform provider HackerOne, after the hacker tried to claim a bug bounty for performing the systems intrusion.

The hacker reportedly told Motherboard that they did it to “prove a point” and only tinkered with user accounts after the bug bounty attempt failed. SC Media contacted HackerOne for its take on the incident, and the company declined to comment.
