This developer wanted to cheat at Roblox. It cost millions
This episode of Smashing Security dives into a high-profile breach that began with a developer's attempt to cheat at Roblox, revealing a cascading chain of security failures across multiple companies. The story centers on an employee at Context AI who downloaded a Roblox auto-farming script—malware disguised as a gaming tool—that stole OAuth tokens from their corporate Google Workspace account. These tokens granted access to sensitive data belonging to Vercel and Versal customers, including API keys, database credentials, and cloud secrets. The stolen data was later sold on the dark web for $2 million by a hacker claiming ties to the Shiny Hunters group. The episode uses this incident to illustrate the 'Swiss cheese' security model, where multiple layers of protection fail simultaneously due to a single human error.
The discussion then shifts to broader systemic vulnerabilities, particularly in mobile phone networks, where outdated SS7 protocols allow for widespread location tracking and surveillance, even on secure devices. The segment highlights how activists, journalists, and political dissidents are disproportionately targeted, with real-world consequences like the recapture of a fleeing Emirati princess.
The episode concludes with a deep dive into Microsoft 365 security, focusing on how attackers are turning legitimate tools like Intune against organizations—such as Stryker, which lost 200,000 devices in a single attack—emphasizing the urgent need for configuration drift detection, backup systems, and least-privilege access models. Rob Edmondson from CoreView explains how their platform enables fine-grained access control and tenant recovery, offering practical solutions to prevent total tenant takeovers.
A single employee's decision to cheat at Roblox led to a $2 million data breach due to malware stealing OAuth tokens from corporate Google accounts.
OAuth tokens act like digital keys—once stolen, attackers can impersonate users without passwords or 2FA, bypassing core security layers.
The 'Swiss cheese' analogy illustrates how multiple security layers can fail in alignment, especially when human error combines with poor default configurations.
Outdated SS7 protocols in mobile networks remain a critical vulnerability, enabling surveillance and location tracking even on secure devices.
Nation-state actors are increasingly targeting Microsoft 365 environments not with malware, but by exploiting overprivileged admin tools like Intune.
The Swiss Cheese Security Model and the Roblox Cheat That Cost Millions
“This is like four layers of Swiss cheese lining up and just something dropping straight through, isn't it?”
From Roblox to Corporate Data: The Cascading Breach
“One of Vercel's employees had at some point signed up for the Context AI office suite using their Vercel Enterprise Google work space account. And when the permission screen came up, they clicked on allow all.”
The Hidden Threat: Mobile Phone Network Surveillance via SS7
“It's not like he spent years training and preparing for how to be an activist and how to do it right. He had a very normal middle class life in Syria until he suddenly didn't.”
Microsoft 365 as a Weapon: The Stryker Device Wipe Attack
“The moment it's compromised, I can use that centralized control to cause mass mayhem.”
Solutions: Least Privilege, Configuration Backup, and CoreView's Role
Rob Edmondson from CoreView explains how organizations can defend against tenant takeovers by implementing fine-grained access control, virtual tenants, and configuration drift detection. He emphasizes that traditional privilege management doesn’t reduce privilege—only true least-privilege models can prevent catastrophic breaches.
“Once a thief has your OAuth token, they don't need to break in because as far as Google's concerned, they are you.”
Host
Guests
James Ball (person)
Microsoft 365 (product)
Graham Cluley (person)
Rob Edmondson (person)
Roblox (organization)
CoreView (organization)
Context AI (organization)
SS7 (other)
Versal (organization)
Intune (product)
