Logged into other people's accounts security flaw

BillB1ox · May 24, 2022, 9:55pm

When opening the DevForum, you could be logged into a random person’s account. I was logged into 3 accounts, @NiteDrifter , @zCrxtix , and @jakedies

How to reproduce:

Open the DevForum.
If you got the 2011’s look, keep refreshing the page.
To check who’s account you were logged into, press the profile icon, hit the person icon, then press summary.

IJustDavi · May 25, 2022, 12:34am

Yes, it did happen to me a while ago (I was even on your account for a moment), but it seems fixed now.

Dementomancer · May 25, 2022, 12:56am

I understand that this reply is lingering on off-topic, but I had your account to prove it, too! Unwillingly went through around 5-10, lost count.

BillB1ox · May 25, 2022, 12:57am

That was very scary…

Dementomancer · May 25, 2022, 12:58am

I promise I didn’t do anything in fear of lawsuits, lol.

Personally, I consider this one of the most fear-invoking bugs on a website around: someone else controlling your data. Very impressed with how quickly it was solved, though.

ValiantWind · May 25, 2022, 1:01am

I believe this has just been fixed, given that the DevForum was temporarily down for obvious reasons.

BillB1ox · May 25, 2022, 1:02am

Going to update this topic. Had to be quick because of the flaw with the DevForum that I didn’t have time to write a proper bug report.

Turtlepla · May 25, 2022, 1:06am

(did anyone get access to my account?)

sjr04 · May 25, 2022, 1:06am

My concern is that there is NDA content on the devforum. So with that in mind Roblox should not push the responsibility on developers who have access to that content for any info that may have been leaked as a result of this.

adudu21 · May 25, 2022, 1:07am

i was in this account @ThatPreston

zCrxtix · May 25, 2022, 1:32am

It’s scary to know someone was in my account, and many others. I hope no one took advantage of this and did anything bad.

NiteDrifter · May 25, 2022, 1:42am

Definitely weird! I was on @simplyjustbased when I checked, glad the issue’s fixed and I hope nobody was seriously affected by this.

Fm_Trick · May 25, 2022, 1:45am

I experienced this, as well. I hope Roblox acknowledges this - pretty alarming to think others are accessing my private DMs.

simplyjustbased · May 25, 2022, 1:51am

Yeah, when i checked devforum i was logged out. Weird

ValiantWind · May 25, 2022, 5:29am

They logged everyone out after they opened the DevForum back up after the bug was patched.

ItzEthanPlayz_YT · May 25, 2022, 12:33pm

I wonder if anyone accessed my account

ItzEthanPlayz_YT · May 25, 2022, 12:34pm

So you were able to do actions on behalf as other users when this bug occured?

buildthomas · May 25, 2022, 12:53pm

No, it was just a read cache failure it seems. If you tried to do anything it would be seen as an action from your account and thus fail.

commitblue · May 25, 2022, 1:12pm

Can confirm, I logged into @PoptartNoahh 's account and @kalabgs account, whats wierd is that @kalabgs also logged into mine, when i pmed poptart saying that i somehow logged into his acc he didnt reply since.

ValiantWind · May 25, 2022, 3:10pm

I wasn’t online at on the DevForum until I was notified on Guilded that the DevForum shutdown due to a read cache bug.

So no, I didn’t access anyone’s accounts.