Logged into other people's accounts security flaw

When opening the DevForum, you could be logged into a random person’s account. I was logged into 3 accounts: @NiteDrifter, @zCrxtix, and @jakedies.

How to reproduce:

  1. Open the DevForum.
  2. If you got the 2011’s look, keep refreshing the page.
  3. To check whose account you were logged into, press the profile icon, hit the person icon, then press summary.

11 Likes

Yes, it did happen to me a while ago (I was even on your account for a moment), but it seems fixed now.

I understand that this reply is lingering on off-topic, but I had your account to prove it, too! Unwillingly went through around 5-10, lost count.

That was very scary…

I promise I didn’t do anything in fear of lawsuits, lol.


Personally, I consider this one of the most fear-invoking bugs on a website around: someone else controlling your data. Very impressed with how quickly it was solved, though.
2 Likes

I believe this has just been fixed, given that the DevForum was temporarily down for obvious reasons.

2 Likes

Going to update this topic. Had to be quick because of the flaw with the DevForum that I didn’t have time to write a proper bug report.

(did anyone get access to my account?)

My concern is that there is NDA content on the DevForum. So with that in mind, Roblox should not push the responsibility on developers who have access to that content for any info that may have been leaked as a result of this.

7 Likes

I was in this account: @ThatPreston

1 Like

It’s scary to know someone was in my account, and many others. I hope no one took advantage of this and did anything bad.

2 Likes

Definitely weird! I was on @simplyjustbased when I checked, glad the issue’s fixed and I hope nobody was seriously affected by this.

I experienced this, as well. I hope Roblox acknowledges this - pretty alarming to think others are accessing my private DMs.

Yeah, when I checked DevForum I was logged out. Weird.

They logged everyone out after they opened the DevForum back up after the bug was patched.

1 Like

I wonder if anyone accessed my account

So you were able to do actions on behalf of other users when this bug occurred?

No, it was just a read cache failure it seems. If you tried to do anything it would be seen as an action from your account and thus fail.

3 Likes

Can confirm, I logged into @PoptartNoahh's account and @kalabgs's account. What's weird is that @kalabgs also logged into mine. When I PMed Poptart saying that I somehow logged into his acc, he hasn't replied since.

I wasn’t online on the DevForum until I was notified on Guilded that the DevForum shut down due to a read cache bug.

So no, I didn’t access anyone’s accounts.