Ukrainian police arrested three hackers for hijacking over 610,000 Roblox accounts using stolen session cookies to bypass authentication, targeting accounts with valuable virtual currency and items. The compromised accounts were sold on Russian platforms for cryptocurrency, generating approximately $225,000 in profit during the operation from October 2025 to January 2026. The suspects face charges of theft and unauthorized interference with information systems, with the investigation ongoing to identify further accomplices.
Identity Ukrainian police arrest 3 hackers for hijacking 610,000 Roblox accounts April 30, 2026 Share By SC Staff (Photo by Jakub Porzycki/NurPhoto via Getty Images) Three individuals have been arrested in Ukraine in connection with the hijacking of over 610,000 Roblox accounts, which were subsequently sold for approximately $225,000 in profit. The arrests followed searches in Lviv where cash, phones, computers, and other electronic devices were seized, disrupting a significant account theft operation targeting gamers, according to a recent report by Security Affairs. The suspects, including a 19-year-old, allegedly used stolen session cookies to bypass password requirements and access Roblox accounts. They identified accounts containing valuable virtual currency or rare items, compiling 357 files of high-value accounts. These accounts were then sold on Russian platforms, with payments received in cryptocurrency. The operation, spanning from October 2025 to January 2026, saw over 610,000 accounts checked. Ukrainian police conducted 10 searches, confiscating a substantial amount of cash, electronic devices, and other items. The hackers face charges including theft and unauthorized interference with information systems, potentially leading to up to 15 years in prison. An associate was also detained on drug-related charges. The investigation is ongoing to identify further accomplices and victims. Source: Security Affairs SC Staff Related Security Operations GoDaddy under fire for alleged unauthorized domain transfer SC Staff April 30, 2026 The incident involved a domain belonging to an anonymous American non-profit with 20 locations nationwide. Privacy US privacy fines skyrocket past $3.4B, Gartner reports SC Staff April 30, 2026 Privacy-related regulatory penalties imposed by U.S. states on companies reached $3.45 billion last year, which is higher than the combined fines between 2020 and 2024, reports CyberScoop. AI/ML Securing every door: Scalable strategies to manage machine and AI agent risks Paul Wagenseil April 29, 2026 You need ways to control your AI agents, and identity management may be the key. Related Events Cybercast IAM for MSSPs: Real-World Deployments Mon May 18 Cybercast Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control On-Demand Event Cybercast The industrialization of identity compromise On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Basic Authentication Biometrics Certificate-Based Authentication Challenge-Handshake Authentication Protocol (CHAP) Digest Authentication Digital Certificate Discretionary Access Control (DAC) You can skip this ad in 5 seconds