Hackers Are Spreading Trump Propaganda Through Roblox

Roblox, a popular game played by kids and early teens, has recently announced they passed the 100 million active players mark. However, the game became a target for political messages regarding the upcoming presidential elections. Hackers reportedly took over some accounts to spread pro-Trump messages, dressing the characters up in red hats and putting pro-Trump messages in the profiles.

Social media websites saw posts from players who claimed their accounts were hacked, with Gamespot noting that Google indexed Roblox accounts. That made it possible to spot that many accounts had the same message in their "About" part: "Ask your parents to vote for Trump this year!#Maga2020."

Example of Roblox accounts taken over and exploited with Trump propaganda

Users Advised to Reset Passwords and Enable 2FA

Roblox's official help site provided information to players suffering from the hacks, advising them to reset their password, remove third-party browser extensions, and to enable two-factor authentication. The hackers were making changes to the accounts and the characters, so it may not be enough for affected accounts to call customer support to undo the damage. It is unclear how the attackers made it into the accounts, but they were spamming other users with friend requests and pro-Trump messages, including sending messages to the affected accounts' friends.

Security problems are often seen with online games since users and hackers target them for various reasons. The game has parental controls, chat filters, and reporting systems made to make it child-friendly. Whoever is behind the hacks in the game could come from a wide array of culprits on the internet that may be responsible.

@Roblox my friend got hacked by one of these trump supporting bots, can you please look into it and give her the account back? #royalehigh #royalehightrading #roblox #robloxhack #robloxbots #rhtrading #adoptme #adoptmetrading #roblox pic.twitter.com/mAYc3XGEUx

— 𝘭𝘶𝘯𝘢𝘳𝘪𝘢 (@Lvnariia) June 27, 2020

Twitter explaining and demonstrating their Roblox account being hacked with Trump propaganda

Users who had their accounts hacked in the accident on the Roblox forums admitted they were reusing passwords across online accounts. That low level of security made it easier for attackers to compromise the accounts. Many of the users also revealed they weren't using two-step verification, which made the process worse. Roblox uses an email two-step verification system that asks users to enter a valid username and password, followed by a one time code sent to the user's email.

The threat intelligence company KE-LA managed to identify multiple pages with extensive lists of Roblox usernames and passwords in cleartext, an info dump. The usernames found in the lists had many entries used by the pro-Trump hackers. The attackers gained access to the accounts that lacked two-step verification, most likely using the compromised accounts shared online.