
This developer wanted to cheat at Roblox. It cost millions
From Smashing Security by Graham Cluley
April 29, 2026 · 1h 5m · Episode 465
About this episode
This episode discusses a developer's decision that led to a $2 million data breach and explores the vulnerabilities in telecom protocols.
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game currency. Meanwhile, there's a 1980s phone protocol called SS7 that lets shadowy surveillance companies track anyone, anywhere, via their mobile phone. Governments know about it. Telecoms know about it. Nobody's fixing it. All this and more in episode 465 of the "Smashing Security" podcast with cybersecurity keynote speaker and industry veteran Graham Cluley, joined this week by special guest James Ball. Plus! Don't miss our featured interview with Rob Edmondson of CoreView, discussing how to lock down Microsoft 365 before it's too late. EPISODE LINKS: Burglar alarm biz gets burgled, ShinyHunters pursues ransom - The Register. Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers - Tom’s Hardware. Grok tells researchers pretending to be delusional ‘drive an iron nail through the mirror while reciting Psalm 91 backwards’ - The Guardian. Vercel April 2026 security…
People in this episode
Host: Graham Cluley
Guest: James Ball
Topics covered
- data breach
- Roblox
- AI startup
- cybersecurity
- telecom exploitation
- Microsoft 365
Keywords
- data breach
- Roblox
- AI startup
- cybersecurity
- SS7 protocol
- Microsoft 365
- telecom exploitation
Mentioned in this episode
Organizations: CoreView, Roblox, Vercel, ShinyHunters, BlackCat, The Register, Tom’s Hardware, The Guardian, TechCrunch, Hacker News
More episodes of Smashing Security
- This AI worm just rewrote its own rules · June 10, 2026 · 46 min
- This AI security flaw might be impossible to fix · June 3, 2026 · 58 min
- What your Oura ring won't tell you · May 27, 2026 · 53 min
- High-speed train hacks and homicidal lawnmowers · May 20, 2026 · 56 min
- How ShinyHunters hacked the world's biggest universities · May 13, 2026 · 1h 4m
- Meta sees everything, Copy Fail, and a deepfake gets hired · May 6, 2026 · 1h 3m
Explore listener stats, chart rankings, contacts and more on the Smashing Security podcast page.