Apologies for a bit of a late and lengthy response, but this issue is too important to me to ignore.
I have been collecting limited items since they were originally released. As years passed, the value of these items skyrocketed, and I found that my naive but evidently smart investments garnered me the equivalent of thousands of dollars in limited items. I was one of Roblox’s richest users. But then, I lost it all.
It wasn’t something I could’ve avoided, and I certainly never left the door open to it happening. I’ve always used two-factor verification, varying passwords, or whatever method there was available to secure my accounts. But, as Roblox (or ambiguously, the internet) has aged, the discovery and abuse of loopholes has become increasingly evident. A sophisticated attack alike to the one I faced is not as simple as downloading a sketchy .exe or giving my information to a phisher. My instance required the exploitation of various intricacies and loopholes that practically nullified the methods of security I sought. Nearly a year later, I still don’t fully understand everything the hacker did that allowed him to execute the breach so perfectly, but here’s what I do know: to access my Twitter and Google accounts, the hacker used loopholes to bypass mobile verification, allowing him to discover my personal email which my Roblox account was connected to; to access my Roblox account, he manipulated a Comcast security flaw in which he managed to claim that he was me, giving him access to my personal email and thus my Roblox account. These manipulations - quite literally out of my control - allowed him to steal thousands of dollars from me, not even taking into account the rare and otherwise sentimental items he deleted from my inventory.
I am forever grateful for the actions Customer Service is willing to take in these situations. Justice was served: he was banned, I was given back my robux and limited items (although not the deleted non-limiteds), and my account. But as Roblox continues to advance in value as a platform and income, the masterminds behind such attacks increasingly have reason to continue seeking devious ploys to breach the security of users. As a prime target for attack who has already been restored before, I face the harsh reality that if it happens again, I will lose everything permanently. To this day, I continue to take every precaution possible to prevent such an attack from happening again, but I am always reminded that workarounds are possible will eventually emerge - seemingly, nothing is foolproof. With unease, I wonder: will my efforts even be enough?
There is definite merit to one-time restoration, being that it “inclines users to take precautions, so it isn’t Roblox’s fault if someone gets into their account”, but it’s not that one-sided. I’ve continually taken every precaution I could, and even then it didn’t even pay off. It’s pretty clear that, although there is value to just providing one restoration, providing multiple opportunities to senior or otherwise vulnerable users is definitely warranted.