Troy Hunt, the engineer behind haveibeenpwned, said the leak was posted in 2021 but according to an unnamed source didn’t spread outside of niche Roblox communities, while at the time the company did not publicly disclose the leak or alert anyone affected. The leak then appeared on a public forum a few days ago.
“Roblox has now contacted everyone affected," said the company in a statement sent to Hunt. >>>
So they definitely knew about it, and definitely weren’t going to do anything about it, until it became more widely known. Yet another reason to hate this horrible, stupid company. I so wish I could convince my daughter to drop Roblox. I’ve even offered to pay for a private Minecraft server for her and all her friends.
I’m no expert but, in my brief searching shows that in California where Roblox is incorporated, it seems they are required to notify any California residents if their data was breached, and the state Attorney General if it was 500+ residents.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
So they definitely knew about it, and definitely weren’t going to do anything about it, until it became more widely known. Yet another reason to hate this horrible, stupid company. I so wish I could convince my daughter to drop Roblox. I’ve even offered to pay for a private Minecraft server for her and all her friends.
Isn’t it illegal to not disclose about a potential data breach?
I’m no expert but, in my brief searching shows that in California where Roblox is incorporated, it seems they are required to notify any California residents if their data was breached, and the state Attorney General if it was 500+ residents.
Searching the AG’s website turns up nothing for Roblox.
I guess it’s entirely possible no CA residents were involved but, given the conference was held in San Francisco, I find that very implausible.
Why on earth would there be a minimum person count? So it’s totally cool to not let 499 people know that their data was stolen? California, man!
No - they have to let any CA resident know, but ALSO the AG if it’s 500 or more.
Thanks for clarifying.