Just a heads up to the less tech-savvy people, HAR is short for HTTP Archive file. When you send any request to any endpoint (assuming you're logged in) on any platform, there's normally some kind of authorization token in the header that lets you perform actions. For Roblox, it's the .ROBLOSECURITY cookie. For each request you send, you can get a HAR file that shows what happened during the request and which headers were sent. If your HAR file ends up in the wrong hands, they see that .ROBLOSECURITY token. With that, they can swap out cookies on their browser or they can use an API wrapper to automate actions like buying a shirt and taking all your Robux. Keep in mind, this applies anywhere. Discord in particular has tokens, the equivalent of the .ROBLOSECURITY, and you can wreak havoc the same way. It should be a rule of thumb to just not send anyone any files that you don't understand (even if you change the ending of the file name).
for writing a post about this @VoidedBIade
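
An added example, not part of the original post: a HAR file is JSON, so the cookie and token values it records can be blanked out before the file is shared with anyone. The function name `redact_har`, the header list and the sample data are assumptions constructed for illustration.

```python
import copy

# Headers whose values authenticate a session (compared case-insensitively).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization"}
REDACTED = "[REDACTED]"

def redact_har(har):
    """Return (copy of the HAR with credential values blanked, number of values blanked)."""
    clean = copy.deepcopy(har)  # never modify the caller's data
    count = 0
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    count += 1
            # HAR keeps a parsed cookie list in addition to the raw header.
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
                count += 1
    return clean, count

# Constructed sample: one entry, placeholder values only.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET",
        "url": "https://example.invalid/api/user",
        "headers": [
            {"name": "Cookie", "value": ".ROBLOSECURITY=CONSTRUCTED-PLACEHOLDER"},
            {"name": "Accept", "value": "application/json"},
        ],
        "cookies": [{"name": ".ROBLOSECURITY", "value": "CONSTRUCTED-PLACEHOLDER"}],
    },
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "session=CONSTRUCTED-PLACEHOLDER"}],
        "cookies": [{"name": "session", "value": "CONSTRUCTED-PLACEHOLDER"}],
    },
}]}}

if __name__ == "__main__":
    cleaned, blanked = redact_har(SAMPLE_HAR)
    print(f"blanked {blanked} credential values")
    for h in cleaned["log"]["entries"][0]["request"]["headers"]:
        print(h["name"], "=", h["value"])
```

Request bodies and URLs can carry tokens as well; this example covers only headers and the parsed cookie lists.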