Is it possible to limit sessions to your own country?

Context (Can Be Skipped)

A day ago, I unknowingly installed malware that I assume has provided cookies belonging to multiple sites that I actively use to the software publisher. I’m not sure of what exactly the malware ran (what they did / what happened) though.

Today I had a heart attack (sarcasm) as I noticed the bad actor gained access to my Steam account and Roblox account and attempted but failed to logon to my LinkedIn account probably to troll and defame me.

LinkedIn detected the suspicious activity and prohibited the attacker from accessing my LinkedIn account but somehow, the attacker logged on to my Steam account and Roblox account. But there is something awfully weird about this, which is that they bypassed 2FA - I have auth-app based 2FA enabled on both accounts. I’m not familiar with computers, software and cybersecurity but, when you have cookies (assuming that’s what the bad actor acquired from me), are you able to bypass these checks like this? I cannot think of how they accomplished what they have as a person lacking knowledge in this field. I even have account session protection enabled but that seemed to have failed to protect me.

They were unable to steal - as in fully takeover my Steam and Roblox accounts, however, they did log on to them. The only damage they did was purchase something on Steam using Steam Points. This could have gone worster. I’m pretty lucky in this regard. I mean, just imagine, they could have caused my Roblox account to be terminated, they could have deleted my Steam games, they could have traded my Steam possessions to themself etc. I survived what could have been a nightmare for me.

I was notified about these sessions through emails and afterwards immediately cleared my browser cache, uninstalled the malware, and reset passwords. If I am notified of further activity coming from the bad actor, I think I’ll even factory reset my computer, if I have to, which is the device I installed the malware on.

My Question

However, I made a huge discovery. The bad actor who gained unauthorized access to my accounts appears to be from Russia, according to a logged Roblox session and I have their Steam username as well. Getting back to topic, I am not from Russia, is there a Roblox feature that can limit sessions to specific countries? If not, I believe it would be in my best interest to request this sort of feature so I would write up a feature request if this feature does not exist.

It would really be useful and improve my UX, because just a week ago I was notified that somebody from the U.S. logged onto an account of mine that was terminated :skull: (dumb bad actor, what was the point of that) and that was just annoying to be notified of as it wasn’t a source of concern for me. Country-based session limit would really be a great new layer to security if it doesn’t already exist.

1 Like

The short answer I will need to say is no.

First of all, I am not sure how you ended up in this situation but it is important to always analyze if you are accessing a website or software that is safe or malicious.

Second, it is important to also use features from Roblox that help you to secure extremely your password such as through digital scan and PIN. That way, if someone does an action that can cause you a heart attack, you can at least feel relief. :sweat_smile:

But, again, there is no feature for this. The only “similarity” would be in the context of limiting accessing your experience (i.e. game) based on LocationService. I believe that the best that you can do is to create a feature request and explain your situation and how it can help you in the future.

1 Like

the account session protection is not even into effect yet.

1 Like

Oh, really? I didn’t know. I thought otherwise because my settings say it is enabled, guess it just doesn’t work yet.

yeah it was supposed to go in effect 10 days ago but nothing ever happened

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.