I’m just reporting that I received proof of a place-stealing exploit. Supposedly it works regardless of whether the game is filtering or not. More info in confidential tag.
9 Likes
So, all the ServerSide code as well, or just Parts/LocalScripts?
Filtering wouldn’t affect it all, as the ServerSide code is not replicated to clients at all. So they got access to the actual asset from the website I suppose.
Someone correct me if I’m wrong.
As far as I know, they steal it through the website, so they’re getting the entire place file.
[quote] So, all the ServerSide code as well, or just Parts/LocalScripts?
Filtering wouldn’t affect it all, as the ServerSide code is not replicated to clients at all. So they got access to the actual asset from the website I suppose.
Someone correct me if I’m wrong. [/quote]
Correct. Ingame properties make no difference because this isn’t being stolen at runtime. Filtering is just as useful as TimeOfDay when it comes to grabbing the asset.
Wow, no gif?
[size=2]Also, the comparison of FilteringEnabled to TimeOfDay made me actually laugh, nice one Rukiryo[/size]
While I’m at it, I feel like the recent website exploits showing up really close to each other, time wise, or so it feels to me.
1 Like
Thank you for your contribution to the CPGA, the Confidential Post Gif Association.™
2 Likes
I take it that means inactive places are subject to stealing as well
I take it that means inactive places are subject to stealing as well[/quote]
Most likely.
I’m trying to get in contact with the guys who are offering this.
They most likely aren’t stupid, so I probably won’t be able to get information out of them.
From what research I’ve done so far, they charge a lot.
Not sure why you didn’t start your post with ROBLOXCRITICAL or emailed the emergency hotline as I’d consider this the worst possible exploit/bug we developers can imagine.
[quote] Not sure why you didn’t start your post with ROBLOXCRITICAL or emailed the emergency hotline as I’d consider this the worst possible exploit/bug we developers can imagine.
Documentation - Roblox Creator Hub [/quote]
Exploits aren’t game breaking issues caused by the most recent release. 
Well if it can steal inactive places and you guys want to make sure your game doesn’t get stolen, just update the game to a blank baseplate and make it inactive. Then once it’s fixed put it back.
[quote]
Exploits aren’t game breaking issues caused by the most recent release. [/quote]
Didn’t mean to thank you.
Just because it isn’t “game-breaking” doesn’t make it any less of a severe issue that should be fixed immediately.
1 Like
If it steals games from the website then it should have access to the archived versions?
How do you know? We have not been provided with any information on how or when. I should have phrased the post differently, however I figured informing about these hotlines (as this is an issue way more important than a bug breaking a few games) was more helpful than posting a silly .gif
Can the developers who had their work showcased as examples of what the exploit can do verify if the scripts/UI design etc. are actually valid?
Examples of ‘copied’ work:[spoiler]Mad Games:
External Media
WIP (Stylis studios):
Reimagined (Zolarketh):
External Media
[/spoiler]
[quote] Can the developers who had their work showcased as examples of what the exploit can do verify if the scripts/UI design etc. are actually valid?
Examples of ‘copied’ work:[spoiler]Mad Games:
External Media
WIP (Stylis studios):
Reimagined (Zolarketh):
External Media
[/spoiler] [/quote]
Yeaaa boiii.
I don’t really have an exact understanding of how was this pulled off, but hopefully not because of, say, password being stolen of a Roblox employee account that has access to that sorta stuff?
Is this privileged access to the place? Can they make changes to the place?
Does anyone know if other types of assets can be stolen as well (models, animations, etc), or is it just places?
Should we all just deactivate our games?
[quote] Can the developers who had their work showcased as examples of what the exploit can do verify if the scripts/UI design etc. are actually valid?
Examples of ‘copied’ work:[spoiler]Mad Games:
External Media
WIP (Stylis studios):
Reimagined (Zolarketh):
External Media
[/spoiler] [/quote]
Yeaaa boiii.
I don’t really have an exact understanding of how was this pulled off, but hopefully not because of, say, password being stolen of a Roblox employee account that has access to that sorta stuff?
Is this privileged access to the place? Can they make changes to the place?[/quote]
Eyy noob I see you got Op Admin, give me OP admin or riot.