Account has been compromised

I have submitted a post to info@ROBLOX.com about this, and will include all information from here there.

I was away all day doing job interviews, and I come back to have my password changed, 2-factor authentication enabled (I previously had this off), a series of completed trade requests on my account with a user named Relicate, and a forum post on this forum.

http://devforum.roblox.com/t/send-me-trades-okay-okay-okay-okay/30786
This was not me, thank you @buildthomas for responding to it so quickly.

I have reset the email to my official email, and changed the password to my account; however all of my content is gone.

I honestly have no idea how he managed to get into my account, I have never shared my password anywhere, and I have always been careful with where I use passwords and how, I’m assuming this was done via my roblosecurity or something along those lines, I will look at my chrome extensions soon.

Soon after fixing this problem, a user from Toronto tried to login to my Discord account as well, I am effectively in the process of changing all information regarding my account access.

Discord provided the location and IP address for the user who attempted this:
I have submitted a post to info@ROBLOX.com about this, and will include all information from here there.

I was away all day doing job interviews, and I come back to have my password changed, 2-factor authentication enabled (I previously had this off), a series of completed trade requests on my account with a user named Relicate, and a forum post on this forum.

http://devforum.roblox.com/t/send-me-trades-okay-okay-okay-okay/30786
This was not me, thank you @buildthomas for responding to it so quickly.

I have reset the email to my official email, and changed the password to my account; however all of my content is gone.

I honestly have no idea how he managed to get into my account, I have never shared my password anywhere, and I have always been careful with where I use passwords and how, I’m assuming this was done via my roblosecurity or something along those lines, I will look at my chrome extensions soon.

Soon after fixing this problem, a user from Toronto tried to login to my Discord account as well, I am effectively in the process of changing all information regarding my account access.

Discord provided the location and IP address for the user who attempted this:
IP Address: 162.253.130.149
Location: Toronto, Ontario, Canada

According to my trade history, this is all of the limited items lost in this attack:

According to my transaction history, this is where my money went (and in that exact amount)

Thankfully I’m lucky they didn’t steal any of my groups or any group funds, as I keep a lot of money there; groups are my main concern.

These are the Google Chrome Extensions I have had enabled for ROBLOX in recent time:

And Merely’s group enhancer which has been disabled.

I have changed my account password, will change my email and discord passwords, any other ways I can reduce chances of this coming back to bite me in the ass?

So it looks like a couple of hours ago my post was overwritten by who I assume was the breacher, I have my account back however he may still have access.

You may want to remove the IP from the post; it’s never good to share that stuff in any forum, even a closed one.

Question: Did you use 2-step on your accounts?

No, I never have; However I’m definently going to now.

@dekkonot It may be a bad idea to have the IP up there, but in my opinion it’s going to hopefully cause the person who did this a lot of pain; if you do something along these types of scamming, hacking or whatever you decide to do that’s really bad; I think people should pay the consequences, no matter what that may be.

There’s not really a reason for you to put the IP there. It’s only (maybe) useful for the Roblox employees, but not for us. There’s also no guarantee that the person who attempted to log in into your Discord is the same as the one who took your account. It’s best to remove it for now and show it to one of the employees who’ll help you with your situation. I hope your situation gets resolved though.

In addition to what everyone else said about the IP not being useful to us, Roblox already has the name of the account that your stuff was traded to, they can track the limited item serials and get the IP address of the Relicate account and view any other accounts made from that IP.

Check Leakedsource; it seems likely that your password was disclosed in a breach. Those plugins are legit. IP is probably a proxy

Well funnily enough, the person who took my account went to the Vaktovian Recruitment Center (I am a member of VAC), and started killing people, getting me exiled. I presented evidence to Vaktovian Command and got back in, but apparently the guy was running around saying “l0l0l0l0 i just took this guys limiteds get rekt im out”, or something along those lines.

It really shouldn’t be possible to trade hundreds of dollars worth of items and robux just by having access to the account. Steam, for example, requires you to re-log in and re-verify your email for sufficiently large transactions within a small time frame.

UPDATE: I have the account back and ROBLOX staff has helped me deal with this, thank you everyone who helped.

In the future please don’t delete all of your posts once a problem is resolved. Now anyone who has a similar problem won’t be able to look at this thread for reference.

Uhhh, I didn’t delete my posts!

I think he got back in.

You can undo the deletes/changes by clicking on the pencil icon at the posts

Where is the save changes button?

edit:

I reverted all the changes, I think whoever it is is deleting the posts to remove trail, who knows.
hopefully this doesn’t carry on.

Yeah his account is still compromised and the guy who’s on it is deleting his posts.