The Times Roblox ACTUALLY Got Hacked

Captions
[Music]

If you've been on Roblox YouTube for any amount of time, you've probably come across videos with titles like this: "Roblox hacker is targeting me", "Don't accept Roblox hackers' friend requests", "This Roblox hacker died in real life", "Scariest hacker group in Roblox", "The Roblox bun bun girls". It seems like practically every week new videos are published warning Roblox players about the new boogeyman of the week, hell-bent on hacking Roblox. We constantly see YouTube Shorts featuring some random player with a dark outfit and creepy username promising to hack Roblox in seven days, or hack your account if you say a certain phrase in game, or "do not go into this black cabin in this hacker's game or your Roblox'll get deleted". KreekCraft even has a whole series about it.

Now, if you're over the age of seven, it should come as no surprise to you that all of these videos are fake, or at least greatly exaggerated. Groups like team cool kid, the block screws hackers, did actually wreak havoc on Roblox, but one, they were only localized to certain game servers, which are much easier to do damage to than Roblox as a whole, and two, they weren't actually hacking. The definition of hacking is widely varied across different sources, but the main aspect of it that everyone seems to agree on is that it involves accessing data that you're not supposed to have access to. What the people I just mentioned were doing was actually exploiting: finding and using insecurities in games to do things they weren't supposed to do. No data was ever actually accessed on a wide scale, otherwise they could have changed the in-game data of any user that had data saved in the game, like levels, unlockables, kill counts, etc.

Roblox is a platform worth tens of billions of dollars that hosts data from billions of people all over the world. Its security is not so lax that it can be accessed by some random kid on TikTok who can't even spell "hacker" correctly. But believe it or not, for a platform of its size, it's still relatively
insecure, and there have been a significant number of instances where it was actually hacked. And while these real hackings don't have the creepy, vengeful backstories that the TikTok kids would like you to believe, they're still just as interesting, if not more interesting, than the fake ones, in my opinion. My goal today is to document as many of these real hackings as possible in one place, so that if you have a little Timmy in your life who believes those TikTok hacking stories, you can sit them down, put on this video and show them how unsafe Roblox really is. So, from mass revealings of passwords to a literal doomsday event that left the Roblox website nigh unusable for a day, these are the times Roblox as a whole was actually hacked.

Now, spoiler alert: most of the hackings we're going to be talking about today are in some way related to data breaches, people getting past Roblox security and stealing all sorts of info from accounts, from passwords to financial details to security cookies, which are basically a two-factor-authentication-bypassing master key to your account. These can be very devastating depending on their scale, and you might be wondering by this point how you can keep yourself safe from them. Well, a really good way of doing that is with Guardio, the sponsor of this video. Guardio is essentially a cross-platform catch-all tool for keeping your private online information safe and secure. If your email address is involved in any kind of data breach, Roblox related or not, it'll alert you immediately on any platform you have it on, and you can change your passwords, cancel your credit cards, do whatever you need to keep yourself safe before the hackers can do anything. Also, if you've seen my video on the history of Roblox scams, you'll know that there is an absurd amount of them. There are countless shady free Robux websites out there, and there are also cookie logger links, which are links that look really similar to the Roblox website but in reality just give scammers that
security cookie I mentioned earlier. Not only does Guardio find 100 times more of these links than, and block these links long before, Google, which they've actually been featured on, but it also prevents those links from doing anything on your device for even a second, blocking secret downloads and logs and fake pop-ups. These shady scams can even come in the form of extensions. Just a couple months ago, actually, I accidentally installed a fake version of the Roblox plus extension, which actually stole my security cookie. I was able to secure a sign out in time because I thought to read the reviews, but if I hadn't, my account would be toast. If I had had Guardio, though, it would have prevented me from downloading the extension in the first place and I would have had nothing to worry about. And that's not even close to everything they do to keep your account safe. To find out more about all of the awesome features Guardio has to offer and get completely protected in just 30 seconds, visit my link, guard.io Nitro Lord. You'll be able to protect five different users and get a free complete security scan for each one of them, a 7 day free trial of all the premium features, and 20 off your monthly subscription after that. What more could you want? Thanks so much to Guardio for sponsoring this video, and now, without further ado, let's get into our list of all the reasons why Roblox players need Guardio, aka the times that Roblox has actually been hacked.

Because it's the oldest incident on this list, and also the one that most of you probably already know about, let's start out with the most egregious hacking that Roblox has ever gone through: the April Fool's 2012 incident. Back in 2012, a user called Ellernate figured out how to access Roblox's admin panels, the tools that Roblox admins use to moderate things, upload hats, change things around on the website, you know, admin stuff.

[Music]

He made an account on a public Roblox test website with the username of a Roblox admin, copied the security
cookie it generated, and was able to use it to log into that admin's actual account, because this was 2012, and 2012 cyber security was stupid. He and a couple of his friends (the main two that people think were involved were Caleb244 and iTrapped, though I can't really find any primary source confirmation on that, so take it with a grain of salt) decided to use their newfound powers to play a little prank on April 1st, 2012, April Fool's Day. And by "play a little prank" I mean literally make the site unusable.

I'd like you to stop for a second and think about what you would do if you had complete and total admin control over the entire Roblox website. Got it? Okay, cool. These people did that. They gave people tons of Robux. They removed tons of Robux from people. They banned accounts. They unbanned previously banned accounts. They uploaded whatever hats and faces they wanted, most of which are actually still on the catalog to this day, and some of which are extremely expensive and rare limiteds now. They made famous accounts say interesting things on the now defunct Roblox forums. They changed the site banners to say wacky slogans, like The Annoying Orange banner and no tomato orange, and much, much more. It was pretty much the wildest day Roblox had and has ever seen to date, aside from the site literally being shut down. Everyone was freaking out about it on the forums, proclaiming how it was the end of Roblox. Thousands of users were leaving the site. It was chaos. I'd honestly really like to interview someone who joined Roblox on that day to find out what they thought of it, because if all that stuff happened to me on my first day joining a new website, it'd be a core memory forever.

All of this culminated in the actual Roblox admins taking the website down until late that evening, Ellernate and friends getting terminated, and CEO David Baszucki releasing a blog post the next day that reads with the most passive aggressiveness I've ever seen. If tone of voice could kill, Ellernate would have been
vaporized into dust upon reading this.

Now, something that I don't think a lot of people know is that shortly after all this happened, Ellernate actually released a now deleted but re-uploaded video on his YouTube channel of someone on the Roblox website messing around with the account of former admin ilta Lumi. We know it's him because we see whoever's recording chatting with him. I know it's hard to see because this video's resolution is in the single digits, but trust me, it's him. This would be really elaborate and difficult for the average person to fake, especially with 2012 technology, so I'm willing to believe it's real, and if it is, it gives us a really interesting look at what things looked like for admins in 2012, and it's quite probably the only footage of those admin panels out there. I don't really have anything in particular to say about it, but if you'd like to watch it yourself after you're done with this video, which you definitely should, I'll leave a link to it in the description.

[Music]

So apparently Roblox admins didn't learn their lesson about preventing people from accessing areas of the website they shouldn't, because in July of 2016 it happened again. A band of unknown unauthorized users managed to gain access to a Roblox testing website, which happened to contain a database full of sensitive user information from 2012 and earlier hosted on it. bananas 288, the person who wrote the original Roblox Wiki article on the incident, claimed that the test site was their customer service panel at gametest1.robloxlabs.com and that the hackers accessed it via a compromised admin account whose information was leaked on the now defunct website LeakedSource. They also claimed that the data on the test site included transaction logs, private messages, Robux balances, email addresses, login logs and IP addresses. However, since they never cited any sources for most of these claims, and LeakedSource is now defunct, we can't really know any of this for sure. All we do know for sure, from a Roblox blog post made after the incident, is that it caused a heck of a lot of old accounts to be compromised.

It's estimated that data from over a hundred thousand accounts was obtained. Many of these accounts owned high value limiteds and a lot of Robux, and many were from 2006 and 2007. This was, after all, a database of users who had been making transactions on Roblox, if we're to believe bananas 288, not a bunch of random noobs. Much of this information was leaked on black market Roblox forums like V3rmillion, which is how we know roughly how many users were affected, and the vultures began sweeping in and picking the accounts off. To prevent as much damage as possible, Roblox decided to instate a security measure well known by account thieves today as account locking. If you try to log into a locked account, you'll be met with this screen, which asks you to enter the email the account was verified with and reset its password. If you don't know the email, you have to ask Roblox support to reset it, which, since you're not the original owner of the account, will get you nowhere. Roblox applied this lock to as many of the accounts they thought were compromised as possible, but unfortunately for many it was too late, and tens of thousands of old valued accounts were still compromised.

[Music]

Late in the evening of January 18, 2019, popular developer GFink became aware of a rather pressing issue with his two most popular games, Doomspire Brickbattle and The Really Easy Obby: they were both private. This was odd, to say the least.
There was no reason for him or anyone with access to those games to have done that, so he checked the audit logs for the group Doomspire Brickbattle's hosted under and found this. That's right: two random throwaway accounts, not even in his group (that's why they're labeled as guests), somehow managed to take admin action on his game, and they had set it to private. This happened to several other high-profile developers too. Most of the most popular games on Roblox at the time, including Natural Disaster Survival, Work at a Pizza Place, Welcome to Bloxburg, Speed Simulator 2 and uh were affected. They also changed the names of some of the places they had access to to the names of other popular games, which may have been a side effect of whatever they were doing. In just a few hours, Roblox administrator Nightgaladeld informed the developers that a fix to the issue had been implemented and that they could feel free to set their games back to public.

No statement was ever released by Roblox explaining exactly what went wrong and how the hackers did this. Fortunately, those observing the situation at the time were kind enough to take some Wayback Machine snapshots of the throwaway accounts that were accessing these games, and also one of them isn't terminated for some reason. From the snapshots we can see that their status is read "iscbb V 2.0 internal 1". This is a reference to a YouTube video demonstrating the capabilities of a now broken open source Roblox follower botting program called iscbb on the YouTube channel internal 1.
According to internal 1, a user would obtain a bunch of accounts and use iscbb to make them follow whoever they wanted, and the program would apply this status to all of the bots as a sort of credit to itself. Back on the throwaway profile, we also notice, upon looking at this particular account's followings count, that it's weirdly high compared to its followers and friends count. We take a look at who it's following and, yep, it's all randos with mega inflated follower counts comprised mostly of bots. And it was while trawling through this list of accounts this bot is following that I made what might be a rather significant discovery.

There's an account here called sub to PewDiePie 426. Its name is quite noobish and its avatar is the default female bacon hair, so it seemed a little weird to me that whoever's behind this account would even know about follow bots, much less buy some for themselves. And then I clicked on its profile, and in its about section I found this weird phrase: "for my services go to a5g tve". Okay. I Google searched this odd string of characters and only one result came up: a post on V3rmillion offering cheap follower botting services from a user called cookie plucks. So it seems at least possible to me that this guy owns some advertising throwaway accounts for his scummy service of botting people's followers for money using the free open source iscbb, and as proof that what he did worked, he's followed by those very accounts, which would mean that these two accounts were owned by him. Their names do seem to follow the naming scheme of all the other bots following sub to PewDiePie: a string of random characters, the word "premium" and a two-digit number. This would then imply that cookie plucks was behind the 2019 game privatizations. This is all just speculation, of course. We have no definitive proof of it, so please don't go contacting him about it or harassing him with questions. I'm just saying, seems a little sus to me.

Of all of the Roblox hacking stories I've read
about while researching for this video, this has to be the stupidest one, because the way the hacker did it was just by straight up bribing an employee to do the work for him. Specifically, around May of 2020, according to Vice's article on the subject, quote, the hacker said they first paid an insider to perform user data lookups for them and then targeted a customer support representative themselves. The hacker provided a series of screenshots showing alleged communication between them and the insider. On LinkedIn, the worker is listed as having worked as an in-game support contractor for Roblox. Through this customer support worker, the hacker was able to access Roblox's back-end customer support panel, making them the third person in this video to have done that. Honestly, at this point Roblox should just store the controls to that panel in a locked safe underneath a volcano somewhere.

The hacker provided the Vice subsidiary who interviewed him, Motherboard, with several screenshots of their activity on the panel, though for some reason Vice only elected to show one. It apparently shows the private information of Linkmon99, the fourth richest user on Roblox, and Linkmon himself has confirmed that it is. The hacker said that the reason he did this was that he wanted to, quote, "prove a point to Roblox", but it's worth noting that he also tried to claim a bounty for finding a bug in Roblox security. When it became clear he wouldn't get one, he blew off some steam by compromising and stealing from a few unnamed Roblox users before vanishing into the night, never to be seen or heard from again.

This is definitely the most mysterious and undocumented entry on this list, which means there's not a whole lot to say about it, but here's what little we know. In mid-August 2020 there was a big spike in incidents that involved the accounts of well-known Roblox celebrities getting hacked. RussoPlays, Vox, KonekoKitten, KreekCraft, Roku the winner that key dominance from the Ready Player One event, Crimson Force
the co-developer of the popular game Guesty, and many more all reported within days of each other that their accounts had randomly been logged out and that their passwords had been changed. Even weirder, all of these hacking experiences were slightly different from each other. KreekCraft said that when he got back into his account nothing at all had been changed, while Crimson 4 said that the hackers had drained his group of over a million Robux in group funds. Many, if not all, of the affected users had two-step verification on, and Roku at the very least had no third-party extensions running at the time of his hacking, so that rules that possibility out.

KonekoKitten, who provided emails showing that stuff like this had actually been happening to him for a while, theorized that these hacks were being accomplished through a combination of social engineering (which in a Roblox context is basically hitting up Roblox support and fooling them into thinking you're the rightful owner of an account by showing them a leaked toy code or gift card code or receipt or something like that) and Roblox's insecure implementation of email two-factor authentication. If you don't know, email is a very insecure method of two-factor authentication, and as of 2020 it and SMS authentication, which is even more insecure, were the only two options we had for 2FA. 2FA through an authenticator app, a much more secure method, was only introduced in November of 2021.
It's crazy to me that so many of these super famous accounts were straight up hacked and no one besides KonekoKitten really talked about it. I'm curious to know if it was ever confirmed exactly what and/or who caused this situation, because I can't really find any further details about it, so if you do know anything, let me know in the comments.

Just last year, in July of 2022, documents containing sensitive information about some extremely popular Roblox developers were leaked onto an unspecified online forum by an unknown hacker. According to Roblox's statement given to Motherboard on the matter, this happened because an employee of theirs fell for a phishing attempt by said hacker after being lured in through social engineering and personalized scare tactics. It's not known exactly what personal information was released and which developers were affected, but it is known that the hack was part of an extortion attempt against Roblox. Roblox quickly responded by, quote, "engaging independent experts to complement their information security team and tuning their systems to seek to detect and prevent similar attempts".

Although this one only happened very recently, a lot of people seem to already have confused the details of it, so I think it's important that we cover it. SearchBlox was once a pretty popular Chrome extension with over 200,000 users, created by a guy from Scotland by the name of Matthew Fripp, better known as just Frip. It let Roblox users type other Roblox users' names into a search bar above a game's servers list, find the server the other user was in, and join said server, which made it pretty hated by famous Robloxians, who would constantly be joined in games against their wishes. But aside from that, no one really had a problem with it, until, on the fateful day of November 22nd, 2022, all 200,000 users of the extension began noticing that their accounts were getting cleaned out. Through a hidden script installed in the extension's latest update, they were being made to buy clothing with
prices equivalent to all the Robux they had, and they were being forced to accept trades that lost them all of their most valuable limiteds. The clothing was owned by, and the trades were sent by, a throwaway account called Unstoppable Lucent, and all the limiteds and Robux it got were likely sold and traded in black market private accounts, which allegedly resulted in the owner of Unstoppable Lucent making off with over 13,000 real-life dollars.

Many people think that all of this was the work of a once extremely rich user called CC font. Unstoppable Lucent traded many high-valued limiteds to him, and he was terminated soon after the incident. However, according to CC font himself and several reputable Rolimon's users purporting to be friends with him, he was actually just another victim of the hack. The only reason he received limiteds was so that Unstoppable Lucent could take even higher value limiteds from him. All of the trades were low balls, and he actually lost millions of Robux. When the dust cleared, all Roblox saw was that he now had stolen limiteds on his account, and they terminated him for that. Some Rolimon's users have also alleged that much of his wealth was USD bought and that he deserved the termination anyway, but it seems that, at least for this specific incident, CC font is innocent.

Which would place all the blame on this Frip guy, and honestly, after researching him for a while, yeah, it makes total sense that he would do this. I'm not sure why anyone ever trusted him. He has accounts on a few different black market forums, including V3rmillion, where he's discussed and promoted all manner of shady things, from exploiting to account selling, and not just in Roblox. His GitHub, when it existed, was almost completely barren except for the SearchBlox repository, with only four followers. He also has a Reddit account that's only ever posted on the Roblox subreddit a couple times, and after close to three hours of searching I could not find his main Roblox account. The account
Frip on Roblox was left online a month ago, but it joined in 2009, and by the looks of its profile it hasn't actively participated in the Roblox community since the early 2010s. trip M Frip o and Matthew Frip, which are names that he's used on other websites, are also duds, and the accounts we know he used in this hack, Unstoppable Lucent and Hana, aren't friends with or following anyone similar to those names. The dude has little connection to Roblox at all. He's just kind of generally an exploiter. What he was doing creating a Roblox extension is beyond me. Maybe this was what he was planning on doing all along. A Rolimon's user by the name of RS Holdings, who claims to know the people behind the hack, has alleged that someone paid him even more real money to leak some info about CC font, so that, coupled with the 13k he's said to gain, would definitely be a more than sufficient motivation, if it's all true.

Last but not least is an ongoing phenomenon on Roblox: the mass leaking of the logins of bot accounts. Throughout most of the history of Roblox there have been millions and millions of bot accounts created for various different purposes. Some were created to farm the Tix you'd get every day you logged in, when Tix were still a thing, some to fill up people's followers and friends lists, some to spam scam ads in comments, group walls and messages, and more. All Roblox accounts have to have a unique username, and bot generators have unique systems in place to create a different name for each bot. But all passwords don't have to be unique, and why would you waste time creating a system for generating unique passwords when you can just have them all be the same, or at least very similar? So that's exactly what they did. Most, if not all, bots out there have passwords that use one very specific, easily crackable format, or are straight up the exact same as all the others in their batch. If you can get one bot's password, it's very likely that you've just gotten the key to the thousands of
bots it was generated alongside.

The most popular example of this phenomenon is the 2010 Tixbot dump. There was a batch of over 300 170 000 bots that were generated over the course of just a few days in November 2010 to take advantage of the automatic 10 Tix you would get every time you logged in. In late September of 2022, however, long after Tix had been discontinued, it was discovered that all of these 2010 Tixbots shared the same exact password: l0l0l0l, all lowercase. Soon enough, documents containing the usernames of hundreds of thousands of Tixbots found to be part of the batch began circulating Roblox exploiting communities, and they're still regularly getting shared in these communities and getting accounts picked off of them to this day. Another example was the 2017 bots. This was another batch of bots, most likely used for spam purposes, whose passwords are just their username spelled backwards.

Now, unfortunately for those looking to score themselves free old accounts, Roblox is well aware of this, and they've locked the vast majority of them. This means that pretty much the only way you can get into one of these accounts nowadays is by finding one of the small percentage of them that Roblox didn't lock and that no one else has changed the password to either, which may seem like a daunting task but is actually weirdly common. I tried getting a couple of them myself for research purposes and was able to find logins that worked within like half an hour to an hour max. It's debatable whether you can even call this an incident of Roblox getting hacked, considering that all the hackers did was find one password, but considering the massive amount of accounts that were compromised as a result, that's what I'm calling it.

And I think that'll about do it for today's video. Once again, remember to check out Guardio at my link, guard.io Nitro Lord, which you can find in the description, and make sure to share this with whoever you think needs to hear it. I've been Nitrolord and I
will see you all next time. Bye!

[Music]

Thank you.
Info
Channel: Nitrolord
Views: 311,856
Keywords: Hackers, Roblox, 2012, April Fools, Ellernate, Data Breaches, Guardio, Builderman, Telamon, Shedletsky, Binary, Python, Malware, Viruses, Toastedcherries, Crazytrain2015, Anonymous, John Doe, Guest 666, UnseenBones, Kreekcraft, Exposing, Mysteries, Video Essays, 2006, 2007, Old Roblox, Classic Roblox, Fun, Happy Home in Robloxia, Work At a Pizza Place, Blox Fruits, Sharkblox, iTrapped, Caleb244, Forums, 2010, Tixbots, Bots, Free Followers, Free Robux, Scams, Horror, Myths, Creepy, Scary
Id: Ij75meALkxE
Length: 22min 42sec (1362 seconds)
Published: Fri Jul 21 2023