Ukrainian police arrest 3 in theft of 610,000 Roblox accounts

Ukrainian police in Lviv arrested three people accused of running a hacking operation that compromised more than 610,000 Roblox accounts between October 2025 and January 2026. Investigators say the group took at least 357 high-value “elite” accounts and earned about $225,000 by selling access on a Russian website and in closed online communities.

The suspects distributed information-stealing malware inside programs that claimed to improve gameplay. Once a device was infected, the malware collected login credentials and session cookies, enabling attackers to access accounts without the original owners’ permission.

Investigators traced offers of compromised accounts to online marketplaces. Account prices varied based on Robux balances, limited-edition items, paid memberships or game passes, and years of progress tied to achievements and unlocks.

If you suspect your account was affected, run a full anti-malware scan on every device used to access Roblox and remove any suspicious programs. Check browser extensions and remove ones you did not install or do not trust. Clearing browser history and cookies can help remove stolen session data, but it will log you out of many sites.

If you can still log into Roblox, change your password and enable two-step verification. If attackers changed your password and you cannot log in, use the “Forgot Password or Username?” option on the Roblox login page, enter the account email, and follow the reset link, including checking spam folders.

After regaining access, end all active sessions to block attackers who may reconnect with stolen cookies. On Roblox go to Settings, then Security, and select “Log out of all other sessions.” If you have been locked out because recovery details were changed, contact Roblox Support and provide evidence to prove ownership, such as your username, the original email address, receipts for Robux purchases, the approximate date and time of the compromise, screenshots showing account details, and previous account settings.

Roblox’s policy states it is not required to restore compromised accounts and does not guarantee recovery of lost items or currency. Requests for help with lost items or currency should be submitted within 30 days of the incident. The support process typically takes two to five days.

Security measures to reduce future risk include verifying and regularly monitoring the email on your Roblox account, using a unique password stored in a password manager, and not sharing your password with others. Avoid downloading third-party cheats, hacks, cracks, or game-enhancement tools from untrusted sources. Keep your operating system, browser, and apps updated and run current, real-time anti-malware software.

The arrests in Lviv follow a wider pattern of attackers targeting gaming platforms for credential theft and resale. Law enforcement and platform providers are investigating how stolen digital goods move through closed marketplaces and how to disrupt the channels that monetize those thefts.