Today, we will learn about the .ROBLOSECURITY cookie, what is it, how can you reset it and more!
Before, we start what exactly is a cookie?
A cookie is a small piece of data or file. Your browser stores these cookies. These cookies are used to improve user experience or remember user information. For example: some cookies keep the user logged in and save all kinds of stuff like preferences, what have you saved on a shopping cart and remember user data such as passwords. This is a good thing. These cookies are known as HTTP cookies. However, not all cookies are good. Third party cookies track you across the web.
What is the .ROBLOSECURITY cookie?
The .ROBLOSECURITY cookie is a browser cookie used by Roblox. This cookie stores the user session. This cookie is also used to see the user who is logged in. You should keep this safe.
Cookie security
It is not all fun and games. This .ROBLOSECURITY cookie can be hacked. When a hacker gets your cookie, they can sign in to your account with no verification. Even, no 2-step-verification (2SV). There are several ways how can this cookie get hacked.
Cookie loggers
These loggers can be extensions or software. They have malicious code to get your cookie and hack you. The loggers then silently send your cookie to the attacker or a server by the attacker, sometimes these sneaky loggers are able to not be dedected by anti-virus software. These are coded on JavaScript and other popular languages.
Social engineering
Social engineering is when someone tries to trick you into revealing your cookie. This involves exploiting human psychology. There are many forms of social engineering like phishing, vishing, baiting, impersonating. When someone is trying to build up your trust to reveal the cookie, it is a form of social engineering. Do not trust anyone. Be suspicious of everyone. This happens all the time, with small to big people, this is everywhere.
JavaScript
This programming language is notorious for malware and viruses. It is also great for interactive websites. But, this powered language is also used to steal cookies. With malicious JavaScript code, extensions, software, bookmarks and more can be used to steal your .ROBLOSECURITY cookie.
.har File
Has someone told you to send them a .har file? That is dangerous and can steal your cookie. You should not send them anything about this cookie or the file.
How can I see my cookie?
Before starting, please keep in mind, these extensions may steal your cookies, and I recommend doing it the Developer Tools way, this is for simple.
-
Install a cookie extension (I use EditMyCookie).
-
Go to Roblox.
-
Open your cookie extension
-
View the .ROBLOSECURITY cookie
-
See it, it starts with |WARNING:-DO-NOT-SHARE-THIS.–Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.| and also has random digits.
Never share this!
Developer tools way
This way requires no extension and is recommended.
Thanks to this post for telling me this is possible:
Bing/Edge:
- Go to Developer Tools, simply click the three dots or Alt+F, then click More tools then Developer tools, should look like this: (The code can be different, should look similar)
- Click the right-side arrows, they look like this:
-
You should see options like Security, CSS Overview and more.
-
Click Application
-
You should see some site stuff, click Cookies (the arrow)
-
You will see down a cookie called
https://www.roblox.com
-
Click
https://www.roblox.com
, your screen should look like this:
-
Click the .ROBLOSECURITY cookie (You can look at the names list and find it)
-
Congratulations for finding your cookie! Your screen should look like this: (Do not screen-record this or send this)
Almost uploaded the uncensored version of the cookie!
Google:
Google has the same steps and UI as Bing.
Other browsers probably have the same steps.
We have learned about what are cookies, what is .ROBLOSECURITY and some ways that they can be stealed. Here is how to secure your cookie:
I think my cookie is stolen, what do I do?
You must click the Sign out of other sessions button at your settings to reset your cookie and make your old one not working.
I think I have a hidden cookie logger, what do I do?
If you are suspicious about a cookie logger, you can research the suspected extension or file.
It is best to run a security scan using a trusted anti-virus or VirusTotal.
I am downloading something, it may be a cookie logger. What do I do?
Not everything you download is a cookie logger or virus.
Before installing, you must research what you are downloading for authenticity, security and see the reviews.
Make sure that you are downloading the program from the actual or trusted site. Some sites can disguise the app with a unwanted virus or cookie logger.
Make sure that the app you will install is the newest version, older versions may be buggier.
Installed? See if your device is weird after installing. Is it slow and taking up most resources? Possible crypto miner. Is your device getting bombarded with advertisements? Spyware. Is your device acting strange? Virus. When those happen, remove what you have downloaded.
This should apply when you are downloading extensions and software.
My account was hacked because of a cookie logger. What do I do?
You can try signing in with your verification or backup codes.
Did that happen when you installed a extension or file? Most likely, it is the cause. Remove it. You should also run a security scan to check the bad things that steal your data.
If that did not work, contact Roblox Support to give you back your account and they can give you stolen robux and items too. They can only do 1 rollback. You should prove to them you are the owner. You can try sending images and more proof.
If you got or did not get your account back, at least you learned the danger of cookies and how to avoid it next time.
Thank you for reading! Now you know cookies, how do they get hacked and how to prevent hacking!
Updatelog
Update 1: Release
Update 2: Seeing your cookie added
Update 3: I found out this was useless. It provides no value for developers, but I will keep it for some people.
Update 4: Updated the seeing cookie method to be secure, since extensions can steal stuff, it is recommended to use the Developer Tools way.