First off, please ignore the tag as none fit under my post.
Hi, I recently looked at my preferences on the devloper forum and noticed a device was logged in at south yarra victoria, Australia which is not where I live. I also just recently received an email for a password reset, again I did not do this. I belive someone else is trying to access my account and is logged into from other locations. What do I do?
I’d change your password from roblox (don’t click it from the email)
You can also log out of all sessions through settings as well.
A ton of people are getting these same emails, asking for you to reset your password. Ignore these. If someone is actually gaining access to your account (taking robux, items, etc.) then you need to change your password/security pin immediately
Thanks for the reply, I just recently enabled 2 factor authentication so I should be fine.
The locations on the Devforum are highly inaccurate, almost all my sessions claimed I were in the United States while I live in Norway. They recently changed this so your best hope is to close all sessions and log in again.
I have done this, it shows my current location but then after about an hour or so comes up with another location. You reason is probably most accurate. Thanks.
I have ran into this type of problem with Duo two factor authentication where it would say “new log in from Virginia” when I was more than 6 hours away. For me, this has been when connecting to the services that use Duo on a device that is using mobile data instead of a WiFi connection. I haven’t seen a case of the country being wrong, but I am in the same country as all of the services that provide location data.
Along with 2FA I reccomend adding a PIN number and a phone number is possible. 
If you use a VPN, it’ll say you’re somewhere different (obviously)
There should be a button that allows you to sign out of sessions on certain devices
See this thread for more information. Your account is not compromised, it’s just a DevForum thing.
As for the Password Reset emails you received, that is a seperate issue. A thread has been created privately (New Members can’t see it) and engineers have acknowledged and responded to it. The problem will be fixed soon if it has not already, for now just delete the emails if you receive them.
I also got spammed password reset things…
Edit: to clarify since new members are unable to view the category, a malicious user was able to spam password reset requests using a legacy endpoint. The endpoint should have been disabled now, and there is no actual impact (besides spam), so no need to panic 
.
Unfortunately, I am a new member. My Friend just showed me the topic on his account.
Why would roblox not allow new members to see this? The public should be aware of this
The post isn’t made by Roblox.
I still feel the public should be aware and it should be posted where everyone can see and not just members. It seems pointless to me.
The post is an exploit report intended for Roblox engineers. It is not an informative post designed for the public.
Maybe Roblox should make an announcement so people don’t panic. Just a thought.
This thread is a little bit split into halves because it’s discussing two issues at once.
For “last location” issues, please use this thread: (search before posting to prevent filing duplicate threads in the future)
For the password reset emails, Roblox is aware of this. There is an Exploits Reports category visible to Members about this topic. It’s up to Roblox whether they are going to make a more public announcement about this. Unfortunately this is not a request suitable for the Inception Forum category.
Since your first question is a duplicate, and the other is not suitable for Inception Forum, I will be closing this thread.