How do I Defend Against Traceless Account Hacking Method / Cookie Logging?

That’s good that you can’t be hacked if you are logged out by this method. I’ve been using Firefox and I’ve just enabled a feature that resets all cookies when you close the tab, making it so I have to log in every time I open up Roblox. Is this a valid form to potentially stop all forms of cookie logging, or is it pointless as I could be cookie logged while online? It is quite annoying to have to sign in every time, but, I suspect being hacked while you are there to take action is a much better circumstance to be in than while you are sleeping and such.

1 Like

It depends. I suppose it adds an extra layer of security, but, again, if you have malicious software installed, it will log the cookie and often steal all your Robux/limiteds in a few seconds. This obviously won’t happen when you’ve signed out, but it’ll just steal it whenever you’re logged in.

There’s almost nothing you can do to prevent this from happening aside from not giving anything access to the cookie in the first place.

Also, just signing out will not reset your Roblosecurity on the server. I think you need to click the “Log out of all sessions” button in order for it to be reset. So even if you log out locally, someone who stole your cookie previously will still be able to use it until you actually click the session logout button.

In my opinion, it seems overkill and most likely won’t change anything, but it does add another layer of protection.

4 Likes

So signing out doesn’t reset the cookie? What if I were only signed in on one device, and logged out normally? Would my cookie be reset then? Also, I probably will keep my cookies eraser on my browser, as if I were to lose Robux that’s one thing, but to lose your entire account is another… Yet I’m wondering does an account PIN almost entirely stop this instead of a cookie eraser? If my account was cookie logged then I’d lose my Robux even if I was there or not, but can the cookie bypass the Roblox account settings PIN? According to the person in the post I linked, their account settings PIN was disabled when they were hacked. How is this possible with a simple sign in cookie? Does the Roblox account PIN feature have a cookie that malware can access, too? Sorry for bombarding you with questions. This is quite an interesting topic and you seem to know a lot about it.

1 Like

UPDATE AS I SPEAK. My friend has just been cookie logged again and potentially I have too.
He just was kicked out of his account but was able to sign back in by resetting password. Even though earlier I had him reset his cookies. I’ve also just noticed I have a ton of new sign-ins as I am typing this, just reset them even though my Firefox browser should have been. He found a ton of new sign-ins too. Resetting the cookies on our browsers isn’t working. I haven’t downloaded anything lately nor do I have any plug-ins. There is some kind of virus and it is spreading.

4 Likes

What is our solution? Should we uninstall our browsers and just keep Roblox on mobile? We can’t get the cookie loggers out.

1 Like

I don’t know. I think the token can only be reset if you click the session logout button.

No, your account PIN is a separate thing and even if authenticated requests are sent to change your settings, your PIN still has to be unlocked. Your Robux (unless in a group) and limiteds will be stolen, but no settings can be changed. It’s important to always have a PIN to prevent this.

However, if you have a malicious extension or malware, attackers can easily get your PIN from the authentication payload when you unlock your settings. It is not encrypted at all. So, if you unlock your settings while something has access to your computer, your PIN can also be stolen.

No one can bypass the account settings PIN without entering it correctly. The attacker may have guessed the PIN or logged it when they stole the cookie.

I don’t believe your PIN is stored locally, but if it is, it would only be when your settings are unlocked. I think it’s only ever stored on the server. Regardless, as I mentioned before, an attacker can just steal it when you enter it in.

4 Likes

Did you click the session logout button at the bottom of your security settings? If they keep gaining access to your accounts then you almost certainly have a malicious extension or malware installed. I can’t help you with that but I recommend you run a virus scan and double-check all your extensions. Until you do that, it might be a good idea to stay logged out on your computer.

If you can’t find anything, resetting your computer would most likely fix it. I don’t know your situation so I’m not going to say to do anything other than double-check everything.

2 Likes

Thank you for the help. This is truly lifesaving, but we have done a scan and it detects nothing, and we uninstalled all Chrome extensions hours ago. Will powering off a computer stop the cookie loggers? Does uninstalling a browser stop them? We have signed out of session many times. I think we both have a virus and it is striking now. How can it spread so fast??? My friend has a Mac, I have a Windows. How can a virus switch operating systems? We have no Chrome extension.

1 Like

I don’t know what the problem is, so I can’t tell you what will fix it. But powering off the computer, or even just disconnecting it from the internet, will stop the cookie logger (as long as you turn it off, and not just put it into sleep mode). It could be a program or a browser extension which is stealing the cookie. I can’t help you any more than suggest what the problem might be.

4 Likes

Thank you for suggestions. My friend is currently resetting his computer. The cookie logger is most likely out. You really saved him! I still am unsure that I had a cookie logging attack too. I have a feeling that my browser resetting the cookies simply just created a new cookie every time I signed in, as the cookie is stored locally so the browser (Firefox) couldn’t delete it fully but just didn’t read it again. So, when I went to check my Roblox sessions in settings it showed many instances. I have signed out of all other instances and it isn’t coming back. I also had an issue on my phone where I was logged out, suspecting this to be a cookie log too, I changed my password and also signed out all cookies. I do think this signing out could have been a mobile glitch as sometimes you are signed out when you switch IPs, which could have happened.

3 Likes
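Added example, not part of any post in this thread and not Roblox's code: a generic server-side session table illustrating two points raised above. A token copied before the browser cleared its cookies is still accepted by the server, and each fresh login adds another entry to the session list until every session is revoked. The class, its method names and the user "alice" are hypothetical.

```python
import secrets
import time


class SessionStore:
    """Generic server-side session table (hypothetical, not Roblox's code)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (user, expiry timestamp)

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time() + self.ttl)
        return token

    def authenticate(self, token):
        entry = self._sessions.get(token)
        if entry is None or entry[1] <= time.time():
            return None  # unknown, revoked or expired
        return entry[0]

    def active_sessions(self, user):
        now = time.time()
        return sum(1 for u, exp in self._sessions.values() if u == user and exp > now)

    def revoke_all(self, user):
        """Server-side 'log out of all sessions': drop every token for the user."""
        stale = [t for t, (u, _) in self._sessions.items() if u == user]
        for t in stale:
            del self._sessions[t]
        return len(stale)


def demo():
    store = SessionStore()
    cookie_jar = {"session": store.login("alice")}  # constructed sample user
    copied = cookie_jar["session"]       # copy held by whatever read the cookie jar
    cookie_jar.clear()                   # browser wipes cookies; server is not told
    after_clear = store.authenticate(copied)
    cookie_jar["session"] = store.login("alice")  # next visit: a second session
    listed = store.active_sessions("alice")
    revoked = store.revoke_all("alice")
    return after_clear, listed, revoked, store.authenticate(copied)


if __name__ == "__main__":
    print(demo())
```

Only the server-side revocation makes the copied token stop authenticating; clearing the browser's cookie jar changes nothing on the server.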

Keep some details and send them to a staff member on the forum and support. They should get you the money back and ban the exploiter’s account.

4 Likes

You should get someone to see your PC, dang.

2 Likes

By the way, logging in may be easy, but purchasing any large items will forcefully require 2FA. I think the money/limiteds should be safe.

3 Likes

I suggest you reset your PC; I think there is a virus that keeps collecting information and cookies.

1 Like

I have reset my PC, but something stopped the reset process and it’s completely bricked at the moment. I definitely had an attack and I don’t know how I got it. I suspect there’s a vulnerability on the app/browser “dizzy” because shortly after I was helping my friend in DMs on the app and I got it. Microsoft Defender also repeatedly crashed when I was doing scans, and my PC started taking a lot longer to open things. As soon as I would connect to Wi-Fi it would log me out of my accounts. Thankfully my account is safe again and I can use it on mobile. I haven’t lost anything but my friend had all his Robux drained. All I can think is that there was some kind of reverse connection created on my PC to scammers or that there’s a really bad and resilient virus.

1 Like

Viruses can be evil… noescape.exe persists after reinstalling Windows.

My friend found out what caused this virus. It was the extension Ro-searcher that infected us. Even though we both uninstalled it quite a while ago after the news, it gave you a virus that would be later activated. Ours just activated recently. If you ever downloaded the extension “Ro-searcher” IMMEDIATELY check your computer for malware. You most likely got this virus and it can attack later down the line. If your malware detection acts strange in any way, such as completing early, I would suggest you use Roblox on a new user side in your computer or find an expert to either reset your computer or rid this virus. It is a VERY dangerous virus and very good at cookie logging. It only works on Wi-Fi too.

1 Like

I don’t use any Roblox Extensions. Also I never got noescape, but it’s a creepypasta virus made by enderman.

1 Like

Hello, it’s me, from the post. The devforums is the only thing I have left for access to my account.
I was contacted by the person who locked my account on Discord.

Various screenshots and whatnot posted in there as an update.

I appreciate you including me in this.

2 Likes
