Researchers have claimed that popular online game Roblox suffers from a series of security vulnerabilities that could have compromised the data of more than 100 million players, many of whom are children.
According to a report from CyberNews, Roblox is guilty of a number of “glaring” lapses in security, specifically relating to the Android application.
However, Roblox has denied the claims, stating that the research was based on inactive code and that the vulnerabilities weren’t serious at all.
A Roblox spokesperson told TechRadar Pro: “We take all reports seriously, and immediately investigated when first approached by the researcher in March. Our investigation determined there is no correlation between these claims and real risk to users’ data privacy.”
“One claim was inaccurate and the other three pertained to inactive code not used on the Roblox platform. Regardless, we deleted the inactive code as part of our commitment to the security and the safety of our users.”
Roblox security issues?
The CyberNews report alleges that the app exposed user data via four separate avenues: misconfigurations in the Roblox Android manifest file, inadequate hashing algorithms, susceptibility to the Janus vulnerability, and hardcoded API keys.
Together, these issues supposedly earned the Roblox Android app a remarkably low score of 10/100 from the Mobile Security Framework, a common test used to assess the security performance of mobile apps.
Although CyberNews acknowledged that some of the security holes have been patched in the latest versions, the researchers believe “the threat to player security is very real” and that user data such as names and email addresses could be compromised with relative ease.
While security issues are cause for concern in any context, this is particularly true in the case of Roblox, which is played predominantly by children between the ages of 9 and 15.
Many data protection regulations worldwide, including GDPR, contain specific provisions intended to enhance the protection of children’s personal data, which means companies such as Roblox are required to go the extra mile to shield data from attack.
What’s more, according to…