A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox -- illustrating why companies must be on the lookout for employees who fit the mold of an insider threat.
The unnamed hacker told Motherboard that they paid one insider to perform user data lookups for them, and then later phished an unwitting customer support representative in order to access the back-end system. The actor reportedly backtracked at one point and blamed their access on an exploited vulnerability, but Roblox later stated that social engineering was, indeed, involved.
By entering the system, the hacker reportedly had the ability to view gamers' email addresses, change their passwords, remove two-factor authentication protections, ban users and more. The individual reportedly demonstrated this by changing the password for two accounts and selling off their items.