Introducing Account Session Protection

are you sure you understand what this is about? rollback is when you get hacked and the hacker steals all your robux and limiteds, roblox support may restore everything to your account.
there’s no law that says they have to do that or not… it’s their choice (and your fault).

Respectfully, I think you lack knowledge on the subject. Please see my guide on rollbacks, specifically the section under the title “Guide”.

Also, be aware that the list I made there is not encompassing all jurisdictions with consumer law. This is because researching foreign consumer policy takes a very long time.

RoGambler found

1 Like

ahh yes. your source: Wallah it’s true

Define “own official methods”. Do they offer a JavaScript library for interacting with the Roblox API? Noblox is a lot more convenient than writing requests manually and handling cookies and such, and applications I’ve made rely on functionality like modifying group users, or creating assets under a group, etc.

1 Like

I stumbled upon this advertisement

that advertises a copy clothing website. By checking it on a protected browser, it asks to bookmark the link in question that has an obfuscated JavaScript code that asks you to drag it in the avatar webpage, and what it does is it copies the cookie and steals people’s robux/limiteds.

Does this stop methods like that? I’ve seen one of my friends get fooled by this and lose his limiteds as a result (this announcement was made after he got his lims stolen)

Edit: both groups and account got terminated

1 Like

Realized my theory was wrong ignore this

1 Like

it stops this issue by rendering the ROBLOSECURITY cookie useless i think

1 Like

Ackchyually, it really depends on how this malicious extension works. I’ve taken a look at a malicious extension recently and it would not send your cookie, just make requests on your behalf while you have it installed. Most extensions probably do this anyways considering cookies are region based now. If it asks you to bookmark a link then they don’t have access to most of your cookies (including the ROBLOSECURITY cookie), meaning this will most likely not patch these kinds of attacks.

those types of attacks cannot be prevented; the only way is to require a password or 2fa to do those actions, which would just make a bad user experience

I totally agree but Roblox should probably add some kind of user security option like a pin for each purchase or 2fa. Afaik a 2fa for purchases is currently implemented but doesn’t seem to trigger for less than 100K Robux being spent.

Great addition for security but Roblox players are being scammed again

For example, you received a game invitation from someone and they want you to join.
When you click “Join” you will join another game and they will get your roblox account data

On 12/21/2023 I received a notification and I don’t know who sent this to me but it says “koob85 gifted you Violet Valkyrie in the Catalog Avatar Creator” and I clicked on the join button; it was joining another game, not the catalog. I knew my account data was compromised but I already changed my PIN and password and contacted Roblox Support. It is also not possible for someone to gift a valuable item to a player. Also, when I pressed the Join button, it was looking for an available server, so I didn’t fully join. But I still changed my PIN and password.

I can show you the game I was joining if you want.
Let’s just say Roblox game invites can be malicious.

3 Likes

Thank You for the warning. Many will not be the wiser.

1 Like

No problem, if you receive a notification like this, please don’t join and block it. :smiley:

1 Like

I highly doubt it gets your information, rather, it probably does what that infamous crossroads game did

It wasn’t crossroads game but I couldn’t find the person who made the malicious game
But there were a lot of numbers and a few words in the name of the game and I saw a skull in the background.

Owner of the game is: donrules (I mean I couldn’t find their profile or group. This is strange.)

Well here’s the profile (quite easy to find honestly), and what makes you think it’s a “malicious” game that steals someone’s data?

This account hasn’t been active for years but it’s weird…
Or if this account is active sometimes I’m wrong because it wasn’t updated the last time it was online
This could be them, they probably hid the game

On discord, I was talking with Catalog Avatar Creator members they said “block it” and “do not join”


Let’s just say they made this game to steal accounts and after you get the notification you don’t know who sent it and they want you to join the game and it is not even possible for a rich player to gift a valuable item to ANOTHER player.

Apologies for not replying sooner. The APIs which are being restricted on January 15th do not affect RoPro for the most part, however one which does affect us is the “POST v1/trades/{tradeId}/decline” API. The RoPro extension uses the trade decline API for a number of features which help make trading easier for our users:

  • Decline or cancel trade from within trade notifications
  • Automatically cancel missent outbound trades
  • Decline low value inbound trades

I think disabling the other trade related APIs is a great decision, as these have historically only been used for malicious purposes. However, the decline trade API is limited in scope regarding the damage it can do within a malicious extension, and it provides significant value for our users every day to make trading on Roblox more fun.

I ask for the trade decline API to remain accessible to extensions. The upcoming RoPro update, v2.0, adds OAuth integration via Open Cloud which will allow authentication for this API and others via OAuth2 tokens, so this will not be a concern once we finally get the update out (assuming this API is added to the list of supported Open Cloud APIs).

4 Likes

The act of joining a game cannot give someone your password or any other information to break into an account. Pls don’t scare people like this.

Either you aren’t telling us something or you got compromised through other means.

2 Likes