A threat actor is offering a database containing millions of Roblox login credentials for sale on a cybercriminal marketplace, according to a report by Brinztech, a cybersecurity intelligence firm. The listing advertises a dataset of about 50 million Roblox login records priced at $777. Brinztech said it identified the listing on March 8, 2026, and described it as a “high priority” sale due to the scale of the data and the low asking price.
According to the researchers, the dataset allegedly contains usernames and passwords that are either stored in plain text or protected with weak hashing. The data is also said to include direct login URLs that could allow access attempts while bypassing some basic security checks.
The origin of the records has not been confirmed. Researchers said the credentials were likely collected through infostealer malware. This type of malicious software infects a user’s device and extracts stored login data and other sensitive information from browsers and applications.
The alleged leak has not been independently verified. A response from Roblox, the online gaming platform operated by Roblox Corporation, had not been published at the time of reporting.
Brinztech said the relatively low price of $777 may indicate an attempt to sell the data quickly before the affected service can require users to reset passwords or otherwise block access. Researchers described such pricing as a tactic sometimes used in the rapid sales of newly obtained data.
The report states that the dataset may contain credentials collected from users rather than data obtained directly from Roblox systems. Infostealer malware typically gathers login information from infected personal devices and packages the data into files known as stealer logs, which are later sold or distributed on underground forums.
The listing appears months after another large dataset linked to infostealer activity was reported. In January 2026, researcher Jeremiah Fowler identified a collection of nearly 150 million login records taken from multiple online platforms, including Roblox accounts.
Roblox is an online gaming platform where users create and play games built by other users. The service has a large global player base, including many younger users.
Researchers said that if the credentials are valid, attackers could attempt to access accounts and take control of in-game assets. Some Roblox accounts contain purchased virtual currency or items that can carry real-world monetary value.
The authenticity of the alleged database and the number of affected users have not been confirmed. Roblox had not issued a public statement about the claims at the time the report was published.