Unknown hackers left a message in 1800 profiles on Roblox.com: "Ask your parents to vote for Trump this year! #MAGA2020". Judging by victims' complaints on Reddit, Twitter and elsewhere, the first attacks began last week.
The attackers did not stop at a text message in support of Trump: the avatars of the hacked accounts were also changed and now wear clothes typical of Donald Trump supporters: a red cap and a T-shirt with an American flag and a bald eagle.
Many victims who reported on Roblox forums that their accounts had been hacked admitted that they had reused the same passwords or had very simple credentials that could not withstand even a simple brute-force attack. Many also admit that they had not enabled two-factor authentication. Roblox uses email-based 2FA: the user first enters a username and password, and then a one-time code that is sent to the email address they specified.
It is currently unclear how the hackers managed to compromise so many accounts, and Roblox representatives have not commented on the situation. However, experts from the information security company KELA told ZDNet that they were able to find lists of Roblox usernames with cleartext passwords on paste sites. Journalists checked dozens of users from these lists and found that many of them had indeed been hit by the hackers calling for votes for Trump. The publication suggests that this is how most of the accounts were hacked.
Meanwhile, the attacks are still ongoing. When the researchers first began to study the problem last weekend, they counted about 750 hacked profiles. During the week the number remained almost unchanged, stopping at around 1000 hacked accounts, but now the number of compromised accounts is growing again: in just one hour, the count of hacked accounts rose from 1680 to 1820.
Since many Roblox users are children, experts recommend that parents help their children choose more secure passwords and enable 2FA.