Invalid User IDs can be banned from groups and break the ban list

Non-existent user IDs currently can be banned via the Group Ban API, which causes internal server errors that block the web client from viewing bans.

Ban requests using an invalid user ID will initially trigger an HTTP 500 internal server error response, but subsequent attempts return HTTP 400 error code 28, “The user is already banned from the group.”

Attempting to load the group ban list triggers an HTTP 500, code 0 InternalServerError and a user-facing error “Unable to load the community ban list.” This error will persist until the invalid user ID is removed from the ban list.

These bans appear in the audit log with blank display names. The hyperlink is correct, so users could theoretically scrape audit logs to reverse engineer the problematic user ID.

It appears this issue is isolated to GDPR erasures/other system purges [59032281] or user IDs that were skipped during the jump to >2^31 in 2020 [2147483647 (2^31-1)]. Users terminated by Roblox moderation are not impacted (8166491).

This bug is limited to direct API usage and invalid users cannot be selected from the web interface; non-integer invalid userIds appear to function as expected. I was able to replicate this error across multiple groups.

Expected behavior

Invalid user IDs such as 59032281 should return an error response (such as HTTP 404) and not generate any audit log or banned user record.

If a banned user is deleted (possibly due to a GDPR erasure), the ban list should continue to function and only omit the deleted user or mark the deleted user as [Content Deleted] instead of throwing the error “Unable to load the community ban list.”

EDIT: recent GDPR erasure accounts appear to function normally (2433393534)


POST https://groups.roblox.com/v1/groups/${groupId}/bans/${userId}
GET https://groups.roblox.com/v1/groups/${groupId}/bans

Rectify with DELETE https://groups.roblox.com/v1/groups/${groupId}/bans/${userId}

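The expected behaviour described above, as an added illustration that is not Roblox's code: a minimal in-memory model of the two endpoints in which the ban handler rejects unknown user IDs before any record is written, and the ban-list loader marks a user deleted after being banned as [Content Deleted] rather than failing the whole request. The user store, audit log, and the non-28 error codes are constructed stand-ins.

```javascript
// Constructed stand-ins for the user directory, per-group ban sets and audit log.
// IDs reused from the report: 8166491 (terminated, still resolvable) and
// 2433393534 (a normal account); 59032281 is deliberately absent (purged).
const users = new Map([
  [8166491, { id: 8166491, displayName: "TerminatedUser", terminated: true }],
  [2433393534, { id: 2433393534, displayName: "RecentAccount" }],
]);
const bans = new Map();   // groupId -> Set<userId>, insertion order preserved
const auditLog = [];      // one entry per successful ban

// POST /v1/groups/{groupId}/bans/{userId} (model only).
function banUser(groupId, userId) {
  // Reject malformed IDs first; the error code here is an assumed placeholder.
  if (!Number.isInteger(userId) || userId <= 0) {
    return { status: 400, body: { code: -1, message: "Invalid user ID." } };
  }
  const user = users.get(userId);
  if (!user) {
    // Unknown or purged ID: answer 404 and write neither a ban nor an audit entry.
    return { status: 404, body: { code: -2, message: "User not found." } };
  }
  const groupBans = bans.get(groupId) ?? new Set();
  if (groupBans.has(userId)) {
    // Code 28 is the real "already banned" response quoted in the report.
    return { status: 400, body: { code: 28, message: "The user is already banned from the group." } };
  }
  groupBans.add(userId);
  bans.set(groupId, groupBans);
  auditLog.push({ groupId, action: "Ban", userId, displayName: user.displayName });
  return { status: 200, body: { userId } };
}

// GET /v1/groups/{groupId}/bans (model only): never let one unresolvable
// user turn the whole list into an HTTP 500.
function loadBanList(groupId) {
  const data = [];
  for (const userId of bans.get(groupId) ?? []) {
    const user = users.get(userId);
    data.push({ userId, displayName: user ? user.displayName : "[Content Deleted]" });
  }
  return { status: 200, body: { data } };
}

module.exports = { users, bans, auditLog, banUser, loadBanList };
```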

Thanks for the report! I have triaged this internally.


This issue should be resolved. Unfortunately, this was due to me removing the limitation that users needed to be in the community before the backend would allow them to be banned.

Specifically, this fixes the bug that invalid IDs could be banned, and filters out the invalid bans from the ban list. However, the entries will still show in the audit log.