When opening the DevForum, you could be logged into a random person’s account. I was logged into 3 accounts, @NiteDrifter , @zCrxtix , and @jakedies
How to reproduce:
Open the DevForum.
If you got the 2011’s look, keep refreshing the page.
To check who’s account you were logged into, press the profile icon, hit the person icon, then press summary.
11 Likes
IJustDavi
(IJustDavi)
May 25, 2022, 12:34am
#2
Yes, it did happen to me a while ago (I was even on your account for a moment), but it seems fixed now.
I understand that this reply is lingering on off-topic, but I had your account to prove it, too! Unwillingly went through around 5-10, lost count.
I promise I didn’t do anything in fear of lawsuits, lol.
Personally, I consider this one of the most fear-invoking bugs on a website around: someone else controlling your data. Very impressed with how quickly it was solved, though.
2 Likes
I believe this has just been fixed, given that the DevForum was temporarily down for obvious reasons.
2 Likes
Going to update this topic. Had to be quick because of the flaw with the DevForum that I didn’t have time to write a proper bug report.
BillB1ox:
There is a major security flaw. I was logged into someones account. I refreshed the devforum, and I was in a different persons account. I hope DevRel is aware @DevEngagementTeam
Thanks! Sorry I made this quick.
(did anyone get access to my account?)
sjr04
(uep)
May 25, 2022, 1:06am
#10
My concern is that there is NDA content on the devforum. So with that in mind Roblox should not push the responsibility on developers who have access to that content for any info that may have been leaked as a result of this.
7 Likes
adudu21
(Null)
May 25, 2022, 1:07am
#11
i was in this account @ThatPreston
1 Like
zCrxtix
(zavier)
May 25, 2022, 1:32am
#13
It’s scary to know someone was in my account, and many others. I hope no one took advantage of this and did anything bad.
2 Likes
Definitely weird! I was on @simplyjustbased when I checked, glad the issue’s fixed and I hope nobody was seriously affected by this.
Fm_Trick
(Trick)
May 25, 2022, 1:45am
#15
I experienced this, as well. I hope Roblox acknowledges this - pretty alarming to think others are accessing my private DMs.
Yeah, when i checked devforum i was logged out. Weird
They logged everyone out after they opened the DevForum back up after the bug was patched.
1 Like
I wonder if anyone accessed my account
So you were able to do actions on behalf as other users when this bug occured?
No, it was just a read cache failure it seems. If you tried to do anything it would be seen as an action from your account and thus fail.
3 Likes
Can confirm, I logged into @PoptartNoahh 's account and @kalabgs account, whats wierd is that @kalabgs also logged into mine, when i pmed poptart saying that i somehow logged into his acc he didnt reply since.
I wasn’t online at on the DevForum until I was notified on Guilded that the DevForum shutdown due to a read cache bug.
So no, I didn’t access anyone’s accounts.