Cookie logging explained

Cookie logging

I’m sure you’ve heard of it. But how are the most common cases done? How would you prevent getting cookie logged? Well, to get knowledge on that, you’re in the right place!

Backstory

I’ve noticed a rather large increase in traders and developers getting cookie logged within a finger snap. I’m here to make people aware of what to do in possible logging cases, how to notice if someone is attempting to log you, how to handle the situation as safely as possible and, above all, how to prevent yourself from getting logged in the first place.


Do’s & Don’ts

I’ll be starting off with the most important things of all: some things you do not want to try and should just avoid so you won’t get logged. This also isn’t meant as a scare about any files, but it occasionally happens.

So first off, beware of who you commission and who commissions you. You DO NOT want to end up sending them a file that says “Copy as HAR” when you right-click it. These files contain a bunch of info regarding your activity in your web browser. Yes, this does include cookies.

Do not touch it or copy anything in the network section, or, to make it clear: if you have no clue what the console (F12) does, don’t even enter the console or any of the related sections to adjust or take stuff from it.

Secondly, don’t download sketchy stuff from the internet (this includes from social platforms such as Discord, Facebook, etc.).
The risk of having a cookie logger in a file you download is always there; there’s no escaping that. Just be safe and only download from sources you find trustworthy.

And finally, don’t ever touch your ROBLOXSECURITY or RBXID code without proper knowledge of them. Yes, these codes are included in the HAR file; no, it’s again not something to just give to people. Simply don’t EVER share it.

Summary

If you have no clue what any of the things in the screenshot below are used for or how they work, close it immediately. The web console/inspector or any of the tabs included in the screenshot (or alike) are not something to mess with without proper knowledge of them.


So we’ve discussed what you should avoid doing when we’re talking about possible cases of getting logged, but what should you do to prevent being logged, or in cases where you were logged? There are a couple of possible options for this; eventually most of them lead back to one single outcome.

Simple.
Firstly, whenever someone even mentions or asks you to copy files as a HAR and send it to them, report them to the appropriate platform the user sent the message from and action should be taken. People asking you for these files are 10/10 trying to scam you or even take over your account.

If the user contacts you on a different platform there isn’t much Roblox can do, as there’s no proper way of knowing if the user sending you the request on e.g. Twitter or Discord is the same user as they claim to be on Roblox. Of course you could always try and report it to Roblox; it wouldn’t do any harm to do so and it’s even recommended if you ask me.

Secondly, if you’ve recently been logged but haven’t sent anyone a file from the console menu or even downloaded anything from anyone, you might want to check your browser’s add-ons. There are a lot of fake Roblox+ plugins; avoid installing these. Beware of what you plug into your browser, as neat as the add-on might look.

I’ll be linking the real Roblox+ and BTRoblox links for both Chrome and Firefox below for the ones that want to be safe and sure about downloading anything.

To top it all off, clear your cookies once in a while. I know it might seem like a hassle to have to log back into your account again when you do so, but it’ll be worth it in the end. Alongside it being safer to do at least once every month or two, it’ll also help with keeping your browser clean from unwanted cookies.

Summary

Clear your cookies once in a while; it’s really worth it in the end to keep your browser clean. Check plugins on authentication and just watch out for who you have contact with and what you download. In the end, report someone you suspect to be a logger to the proper platform’s support.


Browser recommendations

Personally I’m not a fan of Chrome due to its high CPU usage and the amount of memory it eats, and certainly not of Opera due to its past activity. Firefox is more of my favorite for various reasons. I’m currently using Firefox Developer Edition as I’m engaged a lot in web/app development. On top of that, Firefox itself has a rather handy tool for tracking activity and making sure you’re browsing the internet safely (read more about it here).


Privacy is of importance to me, and Firefox really helps me with that. As shown in the picture, two of my accounts have been breached in total; on top of that, Firefox instantly sends me an automatically generated email whenever any account associated with the email I linked it with has been publicly breached.


As you can see, these 2 breaches were fairly old (and of really unimportant accounts for me; long live spam email accounts). But in the end the choice is yours and you should use whatever browser you’re comfortable with.


Useful Community Tips/Additions

What is a "HAR" file?
How to reset your RBXID, ROBLOXSECURITY and RBXSESSION
What to do when your valuable items/robux have been stolen
Don't run anything you're not familiar with
Check the link before opening it in your browser

Trusted Roblox Extensions

Add-on link | Creator | Browser | Latest source code check date
BTRoblox (Firefox / Chrome) | @AntiBoomz0r | Firefox / Chrome | July 9th 2020 / July 9th 2020
Roblox+ (Chrome) | @WebGL3D | Chrome | N/A
RoGold (Chrome) | @alexop1000 | Chrome | August 28th 2021

Updates

November 27th 2022, extensions breaches

As some of you might know, there are people going around attempting to bribe extension owners into adding code that would hijack accounts (@alexop1000 on Twitter about being approached and declining). Oftentimes the amount that they’d bribe someone with would go up to tens of thousands of dollars.

Q: Can you still stay safe despite potential bribery on extensions?
A: My honest and sincere answer? No. Not with extensions installed, as they all might pose a risk. However, you can ensure that an extension you have installed won’t update if you really, really do wish to have said extension present (and are certain it doesn’t contain malicious code).
You simply go to your extension settings and select the specific extension to disable automatic updates. This is what I’ve done for BTRoblox at least; its current version is stable, so unless something breaks severely I won’t be updating the extension anymore.

Q: Where did Roblox Statistics go?
A: The extension has been removed from the list. This has to do with the extension not functioning as intended anymore due to Roblox removing the API it made use of a good while ago. There are a number of other reasons relating to the trust of the extension creator which I will not go into detail about, as they’re just rumors I’ve heard over the past couple of years, but I am not willing to take a risk and mark the extension as trusted.

Q: What about the remainder of the extensions you’ve marked as trusted?
A: While it is very much possible that any of these creators could get either compromised or bribed (so stay wary about that), I’m confident that most of them will take proper precautions and work in the best interest of the users to keep their accounts safe and not engage in illegal activity as mentioned earlier.


Closer

I hope this brought you some knowledge around keeping your accounts safe and what you should and shouldn’t do. By all means do leave recommendations/tips in the comments and I’ll be updating the FAQ/Useful info section when questions/tips have enough support and need for answers, or give additional information that I haven’t clarified in the topic. Stay safe!

304 Likes

As a previous victim of something similar a very long time ago (malicious Chrome extension), I know how frustrating and easy it is for someone to fall for the tricks of these attackers. Although it may seem blatantly obvious, it sometimes isn’t as easy if you’re unaware of the ways these people work.

I’m glad this post exists as it can act as guidance to people who are unaware of the tactics used. And also, I’ve seen a lot of people falling for fake extensions that were made to look like widely used ones (e.g. Roblox+), and as a result, they lost their accounts. Linking them directly in this topic was a good idea.

43 Likes

This post is awesome. Glad to see an explanation of cookie logging, especially given the sudden spike over the weekend of several high-profile developers getting their accounts compromised.

That being said, the best form of protection is common sense. Don’t click on suspicious-looking links, Roblox staff won’t message you on Roblox only to ask you to continue the correspondence on Discord, etc.

31 Likes

Finally, a thread covering this.

Just yesterday, my friend and client Zaytuls got cookie logged. He owns a 59,000 member group and had he sent the .har file from his holder account (he sent the .har file from his main account, not the holder), his group would’ve been stolen and lost more than 40K in funds.

This topic isn’t covered enough anywhere so I’m glad there’s a topic discussing this.

18 Likes

I have been cookie logged before and I can tell that Roblox proceeds to terminate the hackers who do it really quickly. I’m really happy with how Roblox proceeds and I even got my account back after.

24 Likes

A great way to prevent damage from cookie logging is to add an account PIN in your settings. This prevents anyone with access to your account from, for example, changing your email, and prevents someone with access to your account from locking you out with their own PIN. I would really recommend this to everyone because it’s a huge step up from two-step, since it means anyone with your account must know your PIN to change your settings.

23 Likes

I agree that the PINs are a great system, but I would really like to see them be utilised for things such as changing group owners and paying out Robux from groups too. Currently, anyone who gains access to your account can steal a group and all of its funds without any prior verification, which has massive ramifications if your group contains a lot of members or funds.

31 Likes

As an additional note about email, I must insist that having cookie leaks is obviously “beyond” just Roblox-related content; having your email + username altogether leaked could occur literally on any website where you happen to register both of these pieces of information.

Generic advice to feel safe knowing that: verify by yourself how your email host’s account recovery works, and what is required.

For example, with Outlook, you can actually attempt a recovery request even though you lost both your password and the phone number linked to the account; you need to answer several unusual questions too, such as “What is the ID of your Xbox?” (I believe you also need to be on the secondary mail list, fortunately), but I was still compromised with 448,000 R$ and 1.5M RAP, now a year ago.

Can’t tell why, I couldn’t manage to find out how, but either way, it’s like a hard disk: you make a backup of it before it suddenly vanishes one day.

15 Likes

Just a heads up to the less tech-savvy people: HAR is short for HTTP Archive file. When you send any request to any endpoint (assuming you’re logged in) on any platform, there’s normally some kind of authorization token in the header that lets you perform actions. For Roblox, it’s the .ROBLOSECURITY cookie. For each request you send, you can get a HAR file that shows what happened during the request and which headers were sent. If your HAR file ends up in the wrong hands, they see that .ROBLOSECURITY token. With that, they can swap out cookies in their browser or they can use an API wrapper to automate actions like buying a shirt and taking all your Robux. Keep in mind, this applies anywhere. Discord in particular has tokens, the equivalent of the .ROBLOSECURITY, and you can wreak havoc the same way. It should be a rule of thumb to just not send anyone any files that you don’t understand (even if you change the ending of the file name).

:pray: for writing a post about this @VoidedBIade

23 Likes
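As an added example (not code from the original thread or from Roblox), the script below shows on a constructed HAR document where the session cookies named above sit inside the file, and how to redact every cookie and credential header before a HAR leaves your machine. The `find_session_leaks`, `redact_har` and `redact_har_file` functions and the `SAMPLE_HAR` document are my own constructions; the cookie names are the ones the thread names, and the token values are placeholders.

```python
import copy
import json
from typing import Dict, List, Tuple

# Cookie names the thread identifies as Roblox session credentials.
SESSION_COOKIES = {".ROBLOSECURITY", "RBXID", "RBXSESSION"}
# Headers that carry cookies or bearer credentials on any site, not only Roblox.
CREDENTIAL_HEADERS = {"cookie", "set-cookie", "authorization"}
REDACTED = "[REDACTED]"


def find_session_leaks(har: Dict) -> List[Tuple[int, str, str]]:
    """List (entry index, 'request'/'response', cookie name) for every place a
    known session cookie appears, either as a parsed cookie object or inside a
    Cookie / Set-Cookie header. This is exactly what a recipient of the file sees."""
    hits = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for ck in msg.get("cookies", []):
                if ck.get("name") in SESSION_COOKIES:
                    hits.append((i, side, ck["name"]))
            for hdr in msg.get("headers", []):
                if hdr.get("name", "").lower() in ("cookie", "set-cookie"):
                    # "name=value; name2=value2" or "name=value; Path=/; HttpOnly"
                    for part in hdr.get("value", "").split(";"):
                        name = part.strip().split("=", 1)[0]
                        if name in SESSION_COOKIES:
                            hits.append((i, side, name))
    return hits


def redact_har(har: Dict) -> Tuple[Dict, int]:
    """Return a deep copy with every cookie value and every credential header
    value replaced by REDACTED, plus the number of values replaced. All cookies
    are wiped, not only the Roblox ones, because any site's session cookie in
    the capture is equally sensitive (the thread's point about Discord tokens)."""
    out = copy.deepcopy(har)
    count = 0
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for hdr in msg.get("headers", []):
                if hdr.get("name", "").lower() in CREDENTIAL_HEADERS:
                    hdr["value"] = REDACTED
                    count += 1
            for ck in msg.get("cookies", []):
                ck["value"] = REDACTED
                count += 1
    return out, count


def redact_har_file(src_path: str, dst_path: str) -> int:
    """Read a HAR export, write a redacted copy, return how many values were wiped."""
    with open(src_path, encoding="utf-8") as f:
        har = json.load(f)
    clean, count = redact_har(har)
    with open(dst_path, "w", encoding="utf-8") as f:
        json.dump(clean, f, indent=2)
    return count


# Constructed sample HAR (not a real capture); token values are placeholders.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [
            {
                "request": {
                    "method": "GET",
                    "url": "https://www.roblox.com/home",
                    "headers": [
                        {"name": "Cookie", "value": ".ROBLOSECURITY=token-placeholder-1; RBXID=token-placeholder-2"},
                        {"name": "User-Agent", "value": "constructed-agent/1.0"},
                    ],
                    "cookies": [
                        {"name": ".ROBLOSECURITY", "value": "token-placeholder-1"},
                        {"name": "RBXID", "value": "token-placeholder-2"},
                    ],
                },
                "response": {
                    "status": 200,
                    "headers": [
                        {"name": "Set-Cookie", "value": "RBXSESSION=token-placeholder-3; Path=/; HttpOnly"},
                        {"name": "Content-Type", "value": "text/html"},
                    ],
                    "cookies": [{"name": "RBXSESSION", "value": "token-placeholder-3"}],
                },
            }
        ],
    }
}

if __name__ == "__main__":
    for idx, side, name in find_session_leaks(SAMPLE_HAR):
        print(f"entry {idx}: {name} exposed in {side}")
    cleaned, n = redact_har(SAMPLE_HAR)
    print(f"redacted {n} values; leaks remaining in cleaned copy: "
          f"{sum(1 for _ in find_session_leaks(cleaned) if False)}")
```

On a real export, `redact_har_file("capture.har", "capture-redacted.har")` writes the cleaned copy and returns how many values it wiped. Even a redacted HAR still reveals every URL you visited and any request bodies, so it is still a file to share only with someone who genuinely needs it for debugging.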

I think with stuff like this, you just need common sense.

The best antivirus is common sense. I don’t even run an antivirus. I don’t need to. Windows Defender does a perfectly fine job because I don’t go to dodgy websites looking for viruses.

It’s the same case here: don’t get dodgy Chrome extensions and don’t click dodgy links. 99.9999% of the time, if you were cookie logged it’s because you didn’t think before you clicked (just came up with that saying, maybe it’ll stick). That’s pretty much all there is to it.

9 Likes

I love this post, I really do, great job @VoidedBIade.

Quick tip for anyone freaking out right now or in the future because you feel someone stole your cookies:

LOG OUT AND LOG BACK IN, THIS WILL RESET YOUR ROBLOSECURITY, RBXID, and RBXSESSION.

It also helps to sign out of all sessions too. Once the ROBLOSECURITY and RBXID are bad, they can’t get back into your account, unless they can reset your password with email verification or phone verification.

If they stole any items worth value, aka 15k Robux or more, email Roblox to get your account rolled back. If you lost access to your email, provide Builders Club / Robux purchase proof that you own the account. Roblox Support WILL help you despite what your friends tell you. Don’t waste your one-time rollback on some hats that are only worth 1k Robux because it’s not worth it.

While you can, be proactive and save 1 or 2 purchase receipts, or emails confirming that you made a purchase on Roblox.

Why do I know so much? I got cookie logged in May of 2015 and lost around 12,000 Robux worth of limiteds, and I did my research and now I’m educated and happy to share this info with everyone else!

TL;DR

  1. Save 1 or 2 purchase receipts, or emails confirming that you made a purchase on Roblox. (Right now, while you can.)
  2. Sign out of all sessions if you believe someone has your cookies.
  3. If you lost limiteds or Robux worth 15,000 Robux or more, email Roblox and request a rollback. Include your username, and one or two purchase receipts to verify that it’s you. (If they don’t work, there are other options like:
  • First or the creation email address associated with the account.
  • Original billing email address associated with the account.
  • Earliest/oldest purchase receipt of items purchased from the account.
  • Game card 10 digit PIN purchased from the account.)
  4. Notify your friends on Roblox that your account has been compromised and to disregard any actions that took place in ~24 hours.

Hope this helped someone in the future!

30 Likes

Additionally once you’ve logged out of the session you’re currently logged into you can log in again, go into your settings, and log out of all sessions at once which invalidates every existing ROBLOSECURITY token.

6 Likes

There’s also a new scam going around regarding a “limited sniper.” If someone tells you to put a suspicious link on a specific ROBLOX page, for example a Javascript: URL, don’t do it, as it literally pastes code into your console for cookie loggers to obtain your ROBLOXSECURITY cookies and cookie log you.

13 Likes

Yep! Pasting anything with javascript: at the beginning will run JavaScript code just like if you put it into the console. This is a way that some pages use to run JavaScript when clicking links (you’ll often see something like javascript: void(0); as well, which is basically saying “do nothing when clicked”).

7 Likes
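The two replies above describe why a pasted "link" beginning with javascript: is code, not a destination. As an added example that is not part of the thread, here is a small Python check that reads the scheme the way a browser's URL parser does (leading control characters and spaces stripped, tab and newline removed anywhere, scheme matched case-insensitively) so that disguised variants such as `" JavaScript:"` or `"java\nscript:"` are still caught. The `extract_scheme`, `is_script_url` and `triage` functions and the `SAMPLES` list are my own constructions; the sample strings are made up and the only script they contain is the thread's own `void(0)` and a harmless `document.title`.

```python
import re

# Schemes whose "URL" is really code or inline content to execute, not a
# place to navigate to. A link someone asks you to paste should never start
# with one of these. data: is included because it can carry HTML and script.
SCRIPT_SCHEMES = {"javascript", "data", "vbscript"}

# What the WHATWG URL parser strips before it reads the scheme: leading and
# trailing C0 controls and space, plus ASCII tab/newline anywhere in the input.
_STRIP_CHARS = "".join(chr(c) for c in range(0x21))
_INNER_JUNK = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def extract_scheme(text: str) -> str:
    """Return the lower-cased scheme a browser would read from pasted text,
    or "" when the text has no scheme at all (a bare word or path)."""
    cleaned = _INNER_JUNK.sub("", text.strip(_STRIP_CHARS))
    m = _SCHEME.match(cleaned)
    return m.group(1).lower() if m else ""


def is_script_url(text: str) -> bool:
    """True when following or pasting this text would execute code rather
    than navigate, after the same normalisation a browser applies."""
    return extract_scheme(text) in SCRIPT_SCHEMES


def triage(samples):
    """Classify each sample; returns a list of (sample, scheme, verdict)."""
    return [(s, extract_scheme(s), "BLOCK" if is_script_url(s) else "ok")
            for s in samples]


# Constructed samples, not taken from any real scam message.
SAMPLES = [
    "https://www.roblox.com/catalog",      # ordinary link
    "javascript:void(0);",                 # the do-nothing form mentioned above
    "  JavaScript:document.title",         # mixed case, leading spaces
    "java\nscript:document.title",         # newline hidden inside the scheme
    "\x01javascript:document.title",       # leading control character
    "data:text/html,hello",                # inline document, not a site
    "javascript",                          # no colon: treated as a search, not a scheme
]

if __name__ == "__main__":
    for sample, scheme, verdict in triage(SAMPLES):
        print(f"{verdict:5} scheme={scheme!r:14} {sample!r}")
```

The normalisation step is the part worth keeping: a check that only does `text.startswith("javascript:")` misses every one of the disguised variants in `SAMPLES` except the first, which is exactly the gap a scammer pasting a "sniper" link relies on.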

This is referred to as bait, where malicious users will offer something of value to the player in exchange for gaining their trust. Once they’ve gained your trust, after x amount of time has passed they’ll breach the account when you least expect it.

If 3rd-party software or an extension has been marketed at Roblox, and the developer in question lacks any credibility, then proceed with caution. One slip-up is all that’s needed in order to be compromised. I’ve known of malicious users in the past that would monitor their screens daily because it was their only source of income. Yes, people do unfortunately use theft as a way of gaining financial stability.

7 Likes

I’m not sure if this is anything related to what I am going through, but I have removed my cookies as of now and a couple of days ago.

Currently, I have been dealing with a persistent individual or bot of some sort that is getting Roblox to disable my 2-step verification without any prior email or any changes other than that. Upon going to Roblox, my account is locked out and the original email or password do not work. By using my phone number to regain access, I can clearly see that someone has gained FULL ACCESS to my account to change my password and the email. This has occurred twice now where they gained full access to my account.

I have never dealt with anything like this before in my 12 years of playing. Could this be someone that cookie logged me? I also use Firefox, so not sure if there is something else about the browser.

8 Likes

Two of my friends have unfortunately been cookie logged with one losing over 500k worth of robux and another losing 20k. This thread will help to raise awareness but I feel as if the message should be spread further across other sites.

7 Likes

Chances are that you have been cookie logged, as cookies basically ignore 2-step. You might want to check your add-ons and uninstall any suspicious/unreliable add-ons.

4 Likes

Only extension I have is AdBlock, had that before any of this started. I’m assuming I clicked a link from a Roblox email thinking it was a real help ticket reply that logged me (just a hunch so far). At least I can thank you for the post, really offered me an idea as to what it is I’m dealing with currently.

4 Likes

Like what I said here, make sure when you get access to your account again, you go to your settings and sign out of all sessions, which will invalidate all session information.

5 Likes