Hey all. This account I’m writing from currently is a victim of this. Recently I was cookie logged through a fake ROBLOX link. This of course prompted me to get rid of all my Robux, secure my PIN, and make sure everything was in place, including my mobile & email authenticator. Unfortunately, this was not enough. Whoever had cookie logged me had made a fake support request on my behalf to completely terminate all 2-factor methods I had put in place. One fraudulent email means any method of account security you have is useless. This meant that if you were indeed cookie logged, there is ZERO way to secure your account. No amount of account security can protect you if someone has your .roblosecurity cookie. This is an extreme problem for a platform so large. One misclicked link and my account is no longer accessible by any means. I’ve already submitted a support request, but I was instantly turned down because I “cannot prove I own it.” Please make sure you all stay safe.
The fact that 2FA can be overridden at all shows how laughably bad the security on this platform is. Hopefully you can get your account back!
Really embarrassing moment for them. What confuses me is if 2FA needs to have an override option available, shouldn’t the email tied to the account be the only one able to disable it? There are so many red flags here.