Account "Locked"/Hacked By Suspicious User

To be honest I’m not really sure where to put this.
I don’t know how, but I was “locked” out of my account by a suspicious user

They claim to be able to lock accounts. A few hours after being followed by them, my account was stolen and I’ve been genuinely completely locked out of it. My PIN was forcefully removed, and my email and password was changed. This seems like a massive security breach.
My password was extremely secure, as was my PIN. I’ve never downloaded suspicious plugins that could be cookie loggers.
I received no email to change my email back or anything, as well. Just one telling me my PIN had been removed from my account.

I’ve already contacted Roblox Support with some screenshots of me working in Studio and my account settings on the website, which included my username.

I believe this user is targeting older accounts, stealing them, and selling them off. He claims to have over 200 “locked accounts.”

Any ideas how this would happen? It’s happened to one of my other 2010 accounts, as well, and support was unable to give me access back to it for some reason.

Edit: My passwords were secured, I’d just generated all of them, it’s near impossible to have password guessed my account, guessed my PIN, and then guessed my 2FA. I had google auth as my authenticator, which I believe that was also disabled (It had to be to change the email)

Edit 2: Apparently my 2FA was completely deactivated by Roblox Support, this is the only email I received, none to reset anything else. Not sure how this could’ve happened, unless the user in question faked access to my account to force support into believing he was the owner.

Edit 3: If any site engineers happen upon this, please get in contact with me. I believe there may be a huge security breach that this user has found. He has stolen several accounts (Confirmed on his YouTube)

Social engineering. Why else did you get an email? (You’re on the right track but no, not a breach, just a nearly unfixable issue )

I only received one email from Roblox when the account got locked.

Email

image935×574 53.7 KB

Said my 2FA was disabled by Support, idk why. Seems like the user in question spoofed information to get support to do it?

I’ve heart support is dumb and that they don’t even use their own language when social engineering. Apparently support can completely desecure your account

There had been a security breach on chrome of some sort that affected many users, such as myself, the hackers had hacked my gmail account, my steam account, and tried to gain access to my clash royale account (for some reason) it’s possible that your hacker had access for a while, and only used it now, but I don’t know, that’s just a guess, it was six months ago

Yeah idk. I’ve had some… interesting experiences with Support before.
Hopefully I receive someone competent to resolve the issue. I’ve had another 2010 account locked in this same manner and completely lost the account, support began refusing to help

Couldn’t have, I had no other users logged into the account this morning. My password was completely fresh, never used before, I keymash around 16-20 characters to get a password.

To add onto this, this user claims to have over 200 “locked accounts.” He showcases some on his YT channel, and I believe he’s selling them on his Discord server.

image1320×535 133 KB

He’s quite active, as well.

Support responded, apparently the email record was wiped or whatever. They claim to have no record of a verified email on the account, despite me having previously verified two emails…

This guy probably bribed Roblox support to get your account.

• Web Extension
• Not using all security features

I’d consider the account terminated for the time being. I’d suggest bringing this matter up in this topic:

Do you know how the breach happened and what it affected? Did it affect every chrome user?

Umm, this is a problem… I’ve just Googled, why is everyone not taking this seriously?

Time to buy it back or sue Roblox Cooperation

Also, I nearly got locked by one of these, a while ago. On my first Roblox account, I joined a game and some guy started making threats that he was going to lock my account. I left the game and then I reported that user using Roblox support. Thank goodness that was the end of that, I would have been devestated.

I only use one web extension. My 2 factor authentication was enabled.
Support randomly disabled it (See above)

This is the second time it’s happened to me, I’ve lost another 2010 account to this. Support began refusing to help completely.

I may begin threatening to sue if support doesn’t help me with this one. I’ve lost near 300k RAP because of this.

It’s probably the dumbest method ever. This man legit looks like some 12 years old.

Email from roblox already told you that he contacted support in order to access your account (Roblox corruption moment?). I’d recommend going for social media, you might get lucky and roblox will actually notice one of thier employees giving out accounts, I guess?

Hey. I just included your story in my post. Do you have a date for when this happened?

It began August 27th. Timeline of events:
All times are in Central Standard Time
Aug 27, 8:50 AM: Suspicious user follows me, bio threatening to “lock” user accounts that they follow. Mass followed several old users and name snipes in several groups.

Aug 27, 7:47 PM: I receive an email from Roblox (accounts@roblox.com) informing me “2-Step Verification with Authenticator Deactivated by Roblox Support.” At this point, I am forcefully logged out of all sessions, including Studio and my portable device.

Aug 27, 8:30 PM: I arrive at my desktop to see I’m logged out, my password suddenly no longer works. Upon requesting a password change, my email receives nothing. My email has clearly been changed.

Aug 27, 9:25 PM: I successfully create my CS ticket, regarding a now hacked account that I have no access to. I never received an email that my email had been changed nor a password reset. It’s becoming clear that this wasn’t just a simple cookie grab, but was manually done by CS, purposefully giving access to my account away to a malicious user.

Aug 27, 11:26 PM: I receive a response from CS stating that my information cannot be verified. Despite having several screenshots, including one of me logged into the site with part of my verified email visible, and a video of me working inside Studio, CS refuses to acknowledge that there was any verified email on the account to begin with.

Clearly this is either an automated response or a very poorly handled ticket.

Aug 28, 2:31 AM: I respond with several more images, including genuine emails received from Roblox in the past, to demonstrate that my email was very clearly verified at one point. CS has not responded, over 14 hours later, to what is clearly a dire situation. My original ticket was opened 19 hours ago, and was never properly handled in the first place.

From what I can tell, the email record on my account was wiped, or CS just didn’t bother looking into it at all and slapped a big “not our problem” sticker on my ticket.

I should also point out that I very clearly had access to the account before the emails were wiped, and that the account was associated with an email in the first place, otherwise I wouldn’t have this devforum account. I expect to be forcefully logged out of it at some point.

A final response by CS. Despite showing proof that I am indeed the account owner, they completely disregard it. CS is truly horrible on this platform and it’s extremely disappointing to know that it’s impossible to be able to trust this god-forsaken platform with anything.

image1235×759 67 KB

That person isn’t real. Try responding and ask to seek a real person.