
More than 34 million Roblox passwords are stolen via “infostealers”: what they are and how to protect yourself


The research team of the cybersecurity company Kaspersky discovered 34 million passwords stolen from the video game Roblox, one of the most popular in the world and widely played by kids. Furthermore, in 2023, the number of passwords stolen from OpenAI, the company that owns ChatGPT, the most used chatbot in the world, multiplied by 33.


According to Kaspersky Digital Footprint experts, the passwords were stolen by infostealers, a type of malware designed to steal user logins and passwords that infects personal and corporate devices through phishing and other methods.

Roblox, which has approximately 216 million monthly active users, is a game that lets you create other games and servers so that players can not only interact through the game but also hang out and chat.


“The sale of login credentials to compromised accounts occupies an important part of the dark web market. Cybercriminals usually buy and sell them from various online platforms and services,” Kaspersky explained.

“The credentials in question originate from infostealer activity, a specialized form of malware designed to steal user passwords for cyberattacks, dark web sales, or other malicious activity,” added Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence.

What is an “infostealer”

Passwords, one of the most common targets of infostealers. Photo: Shutterstock

As the name indicates, an infostealer is a program that steals information. Typically, depending on the type of attack the threat actor is carrying out, it targets sensitive information to either steal financial resources or access systems. Infostealers have been popularized in recent years by ransomware, a type of malware that encrypts files to make them inaccessible and demands a ransom in return.

“An infostealer is malware that was originally an add-on to ransomware, where not only was data encrypted, but a lot of information was also exfiltrated from the desired target [victim]. It was used as a double extortion: you pay me and I give you the key to decrypt the files. But since many times the affected person had a backup, the cybercriminal applied a second step involving publishing the information to damage the image and cause reputational damage,” Joaquín Rodríguez Varela, co-founder and security researcher at Patagonia Security, explained to Clarín.

Now, the theft of personal information is very useful beyond this extortion technique: there is data that has value in itself. “This information also serves to obtain other benefits, which is why it is often sold on the dark web. What is usually stolen are the login credentials because they are very useful; cookies, because they can terminate started sessions and control accounts; wallets of bank accounts and what is usually more interesting are company accounts, access to company networks,” adds the specialist of the offensive cybersecurity company.

The best known on the black market are Raccoon and RedLine Stealer, but new ones keep appearing as researchers uncover new information. For example, this week, Cisco Talos uncovered a new campaign that began in November last year in Mexico, called “Timbre Stealer,” a “broad-spectrum” infostealer. That is, it steals information of all kinds.

“A lot of the stories you see in the media have to do with credentials purchased on the black market. Nowadays, if you have corporate credentials and can access the VPN, that means game over. For the attacker it is very valuable because it serves many purposes. Ultimately, cybercriminals monetize information theft as much as possible, compromise a victim with ransomware, and then monetize the stolen information in clandestine forums,” concludes Rodríguez Varela.

Roblox, a very attacked target

Roblox is a free online and social multiplayer game where participants can shape their own worlds with pieces of different sizes and materials.

According to Kaspersky research, “between 2021 and 2023, nearly 34 million Roblox accounts were found on the dark web, making the game a very fruitful target for cybercriminals who use malware to steal information. Worryingly, the number of compromised accounts for this popular children’s game has been progressively increasing every year: in the last three years, this figure has increased by 231%, going from around 4,700,000 in 2021 to 15,500,000 in 2023.”

For the period considered, many of these passwords may have already been changed, although generally, password hygiene is not something the average user takes into account, and even when an account is compromised, many leave the password the same.

Overall, the average number of compromised accounts across a combination of 11 other platforms or random popular games (Twitch, Electronic Arts, Game station and Steam, among others) increased by 112% compared to 2021, they add.

“The reason there is so much login theft associated with Roblox is that children are among the most vulnerable audiences, as they are susceptible to various types of social engineering. For example, cybercriminals can hide programs that steal login information in files containing cheat codes to deceive young players. In some cases, this deception may appear genuine, as malicious download links can be posted on legal and popular social media platforms such as YouTube,” adds Yuliya Novikova.

Now, why are video games like Roblox being hacked? The number of users this platform has is a first point in favor of the attacker, who, they explain, “targets gaming accounts to steal valuables, such as real money, in-game currency and various in-game items, such as expensive skins.”

“Steam accounts appear to be more attractive to cybercriminals due to the possibility of finding and stealing real money within them. Roblox accounts can be exploited to steal Robux, the in-game currency, to obtain items or to access premium accounts that allow you to transfer items to other accounts. While users must take extreme precautions, platform operators must strengthen protection by quickly tracking and blocking compromised accounts through specialized services,” concludes the head of Kaspersky Digital Footprint Intelligence.

Artificial intelligence, on the attackers' menu

ChatGPT, the most used chatbot, is also a frequent target of attacks. AP photo

The investigation also revealed that credentials for AI services, such as image editing, translation, text adaptation, chatbots or voice generators, have also gained popularity among attackers.

“In the last three years, for example, more than one million application user credentials (logins and passwords) from the online graphic design tool Canva, driven by AI, have been compromised by malware capable of stealing data. Furthermore, data from Kaspersky Digital Footprint Intelligence showed that these credentials appeared on dark web forums and Telegram channels. From another popular AI-powered writing assistant, Grammarly, some 839,000 user passwords were stolen between 2021 and 2023,” they explained.

OpenAI, widely used thanks to the popularity of ChatGPT, was also the protagonist of a leak following the activities of cybercriminals: almost 688,000 credentials for company services, including ChatGPT, were compromised between 2021 and 2023 and found in underground channels.

“Notably, in the last year of widespread chatbot adoption, the number of leaked logins and passwords increased nearly 33-fold in 2023 compared to the previous year, reaching approximately 664,000,” they explained.

For this reason, the recommended measures to prevent accounts from being compromised include:

  • Since these are games that are widely played by children, the role of the family is crucial when it comes to explaining the risks of account compromise, from identity theft to loss of game progress.
  • It is important to protect all devices used with a reliable security solution.
  • Use a different password for each service. That way, even if cybercriminals steal one of the accounts, it would not affect the rest. It’s best to use a password manager instead of repeating the same password across all services.
  • Whenever possible, secure accounts with two-factor authentication. If not, it is crucial to review your account settings.
  • In an enterprise, organize proactive dark web monitoring to identify compromised accounts before they impact the cybersecurity of customers and employees.

Source: Clarin
