Roblox Leak Reveals 4,000 Developers’ Personal Information

Megalithic game-thing Roblox doesn’t exactly have the best of reputations. Accusations of exploitation of children’s labor are hardly a good look, and this week also saw staff reporting that there has been little effort to address the lack of diversity at the studio. On top of all that, today it’s been revealed that a data leak from the company saw 4,000 developers’ personal, identifiable information go public.

As reported by PC Gamer, the list of names, email addresses, dates of birth, and physical addresses contains information on those who attended the Roblox Developer Conferences between 2017 and 2020. That’s the kind of information you can use to steal an identity. Oh, and it also included their t-shirt sizes.

The leak itself dates back to December 2020, but it remained unnoticed and unreported until this week. Troy Hunt, the creator of the Have I Been Pwned website that allows people to search to see if their details have been part of a leak, tweeted asking if anyone else had seen people discussing the situation, bringing it to wider attention.

According to Have I Been Pwned, the leak was posted in “niche communities” in 2021, but despite this, Roblox did not let anyone know it had happened, least of all those affected. It then went far more public this week.

In a statement given to PC Gamer, a Roblox representative acknowledged the “third-party security issue,” describing the leak as “unauthorized access to limited personal information of a subset of our creator community.” These are astoundingly diminishing terms for what is clearly incredibly detailed information about 3,943 individuals. But it’s fine because the company “engaged independent experts to support the investigation led by our information security team,” and add it will “continue to be vigilant in monitoring and vetting the cyber security posture of Roblox and our third-party vendors.” The company also said it contacted those affected to “communicate the next steps we are taking to support them.”

Given the lack of information on the investigation, its pledge to “continue to be vigilant” doesn’t currently hold an enormous amount of promise. We’ve contacted Roblox to ask why such data was being stored in this way and for more details on how it intends to support those affected. According to PCG and Troy Hunt, many received “a sorry email,” while others were offered “a year of identity protection.” Which, you know, doesn’t seem quite enough.

This all happens in the same week that Bloomberg reports staff are increasingly frustrated at Roblox’s failure to address woeful diversity within the company, with incredibly few women in senior positions. The company also told Bloomberg it has “no targets around hiring or promoting diverse employees.”

Plus, it’s important to never forget that the wider Roblox environment is deeply troubling for parents of the young children to whom the software is pitched, as exquisitely chronicled by People Make Games. Seriously, don’t let your kids near it if you haven’t watched this, or its follow-up:

People Make Games

Just Cause’s Developers Are Unionizing

Rico Rodríguez is shown riding a motorcycle away from a jet and an explosion.

Image: Avalanche Studios Group

Around 100 employees at Just Cause developer Avalanche Studios Group are unionizing. This means around a fifth of the 500-person Swedish team is now bargaining with the company’s management for a fair contract.

IGN confirmed with a union representative that more than 100 workers have joined Unionen, a Swedish trade union. According to their statement, Avalanche Studios Group workers have been working toward joining a union since earlier this year, when members formed a local union board to bargain with the studio’s management over specific benefits, but the rep didn’t share specific issues. According to IGN’s sources, moving to a four-day work week is at least one issue the team has raised in its negotiations.

While one in five workers joining the union might seem small, Swedish union membership is different than what we typically know of unions in the USA, as workers can join a trade union without a union election. This means that around “70 percent of the country” is part of a union, according to data shared with IGN by Unionen.

Avalanche Studios Group provided the following comment to IGN regarding the situation:

As an employer, we’re committed to creating the best possible conditions for all Avalanchers to thrive. We support and welcome any initiative that goes in this direction. This also means that we listen, invite dialogue, and encourage people to bring forward their perspectives and needs. After all, it’s thanks to each and every Avalancher that we’re able to make the great games we’re known for.

This comes less than a year after a public dispute between Avalanche’s workers and management, which lead to a public apology from the company, which reportedly encountered internal pushback regarding its HR department’s lack of communication and follow-through on worker concerns.

Beyond Just Cause, Avalanche Studios Group is currently working on Contraband in partnership with Xbox Game Studios, meaning the open-world co-op game will be exclusive to Xbox and Windows.

Cyberpunk 2077 Developers Form New Union In Face Of Layoffs

As the international gaming industry faces wave after wave of layoffs, workers at Cyberpunk 2077 and The Witcher developer, CD Projekt Red, have created a new Poland-wide union aimed at protecting their rights. This arrives in the face of the massive studio announcing it would be firing nine percent of its staff by March 2024.

Związek Pracowników Branży Gier (Polish Gamedev Workers Union) has been created by CDPR employees Lev Ki and Paweł Myszka, reports Eurogamer, following a third round of job losses in three months at the studio.

Buy Cyberpunk 2077: Amazon | Best Buy | GameStop

The new union’s site explains that it’s not specific to CDPR, but rather aims to represent “all professions and people working in the game development sector in Poland.”

CD Projekt Red has obviously been through a tumultuous few years, with the protracted development and disastrous launch of Cyberpunk 2077 upending its schedules, pulling hundreds of developers off potentially The Witcher 4 and any other projects they may have been working on, and then only made worse by a further year of all-hands-on-deck trying to get CP77 into a functioning state and its DLC out of the door.

That done, the studio will be entering relatively quieter times, and as is the grim state of the games development industry, mean it does not need to employ as many staff until it gets closer to launching whatever might come next. Announcing it would be letting go nine percent of its workforce, some 100 people, was enough to push those remaining into organizing.

“This event created a tremendous amount of stress and insecurity, affecting our mental health and leading to the creation of this union in response,” explains the site. It continues, “Having a union means having more security, transparency, better protection, and a stronger voice in times of crisis.”

This union can only represent workers in Poland, with Polish contracts, and as such doesn’t cover those in CDPR’s Vancouver studio. However, they can of course begin their own efforts to unionize. As the union site explains,

The above shows how employers tend to view their interests to be in conflict with those of their employees. While employees are the ones creating value in this arrangement, they lack any decision power in company-structure-related matters. That is why we need to organize to enter those situations on equal footing.

Update: CDPR gave us this statement in response to the formation of the union:

We have been informed about the intention to form a trade union covering gamedev companies, including our company. We will act in accordance with law and comply with legal obligations that might arise from that situation.

At the same it’s worth mentioning that the voice of RED’s team is already represented by the RED Team Representatives (RTR), which is a democratically elected body representing all employees and independent of the management board. We have been working with them for over 2 years now and we will continue to do so to keep our work environment transparent, safe and healthy.

Updated: 10/10/23, 03.51 a.m. ET: This post was updated to include CDPR’s statement in response to the story.

Proudly powered by WordPress | Theme: Looks Blog by Crimson Themes.