Roblox, an online gaming platform for children, is facing a nationwide class action lawsuit. This lawsuit alleges that Roblox has violated the privacy of its users by tracking data without consent. 

Plaintiffs Michael and Salena Garcia filed the lawsuit in California federal court, alleging the platform utilizes a secret tracking technology to collect data on a range of interactions, including mouse movements, keystrokes, chat messages and search terms. The lawsuit states that Roblox then monetizes the collected information to display targeted content for the user, keeping them engaged with the platform or providing the information to third-party advertisers. 

Below, security leaders discuss the implications of this lawsuit as well as other potential security risks associated with the game. 

Security Leaders Weigh In

Eric Schwake, Director of Cybersecurity Strategy at Salt Security:

Ensuring the safety of children on popular online platforms, such as Roblox, is crucial. While in-game interactions are often prioritized, the security of the platform’s underlying systems is just as important. Reports revealing potential vulnerabilities in support ticket systems underline that technical flaws in the infrastructure managing sensitive user data and communications, often through APIs, can present genuine risks. These vulnerabilities might allow unauthorized access to a child’s account or compromise personal information if these vulnerabilities are exploitable. Parents should definitely use all available in-app safety settings; however, they should also recognize that the security posture of the platform provider plays a fundamental role in safeguarding their children. These platforms need to enact robust security measures throughout all their systems, including API infrastructure, in order to deter potential exploits that could affect young users.

Boris Cipot, Senior Security Engineer at Black Duck:

As with any online game or social app, parents need to be vigilant about the interactive features in Roblox, as they can sometimes lead to scams or inappropriate behavior. The chat function is a great way for players to connect, share strategies, and collaborate, but it also carries risks. Children may be exposed to offensive language or be tempted to share personal information. That’s why it’s crucial to set up privacy and parental controls properly and regularly review them. It’s also important to talk to your children about common online scams targeting Roblox users. These can include fake Robux generators or phishing links disguised as in-game rewards. Remind them never to share private or account details with anyone. 

Roblox is a fantastic platform for creativity and self-expression, with many user-generated games and experiences. However, not all content is suitable for children, so keep an eye on what they’re accessing. Finally, be aware of the financial aspect. In-game purchases are made using Robux, which can make it hard for kids to grasp the real-world value of what they’re spending. Help them understand digital money, monitor their spending, and consider enabling password protection for purchases until they can manage it responsibly.

Casey Ellis, Founder at Bugcrowd:

When it comes to keeping kids safe on platforms like Roblox, the most effective defense is open, ongoing dialogue between parents and their children. Technology can help — privacy settings, parental controls, and monitoring tools are all useful — but they’re no substitute for trust and communication. Kids need to feel comfortable coming to their parents when something doesn’t seem right, whether it’s a stranger reaching out, encountering inappropriate content, or even just a gut feeling that something’s off.

Roblox, like any online platform, has its risks. Privacy concerns, like the allegations of tracking children’s data, are a big one. Parents should ensure accounts are set up with minimal personal information and use strong passwords and two-factor authentication. Beyond that, the social interaction piece is critical. While Roblox fosters creativity and connection, it’s also a space where bad actors can operate. Teaching kids to recognize red flags — like someone asking for personal details, trying to move conversations off-platform, or trying to encourage them towards “illegal” activity within the app — is key.

The other thing is to normalize conversations about mistakes. Kids are curious, and sometimes that curiosity can lead them into risky or even harmful situations online. If they feel they can talk to you without fear of punishment, you’re far more likely to catch and address issues early. Think of it as creating a “safe space” for them to share what they’re experiencing.

Ultimately, the goal isn’t to scare kids away from technology but to empower them to use it wisely. Open communication builds the kind of awareness and resilience that no app or setting can replace.

Kern Smith, Vice President of Global Solutions at Zimperium:

Parents often focus on in-game safety, but it’s equally important to consider the security of the mobile device and app itself. Mobile apps — especially those as widely used as Roblox — can be targets for malware, phishing, and exploitation through unpatched vulnerabilities. If the device is compromised, attackers can access sensitive information, hijack sessions, or manipulate app behaviors. We encourage parents to ensure that their child’s device has protection in place to detect threats in real time and prevent attackers from exploiting mobile-first vulnerabilities.