Potential DevForum Login Vulnerability

Refactor had his account taken and he’s not a member of the developer forums (anymore), so I doubt it’s related to the forums. Both Refactor and Belial52 got their emails hijacked, so I’m not even sure it’s a ROBLOX vulnerability.

I do not have Roblox+ installed nor have I ever had it installed. Don’t think that is the culprit. My browsers only run adblock.

Did those 2 users mentioned get attacked by AbstractMadness and was the email changed to the one I mentioned above?

2 Likes

I only had Merely’s Group Enhancer installed.

1 Like

This is the guy all of Belial52’s items were sent to: http://www.roblox.com/users/85469702/profile

Apparently this is his main: http://www.roblox.com/users/96610028/profile#!/about – he claims that account is his alt in his description.

http://www.roblox.com/groups/group.aspx?gid=2678836
He has 2-3 deleted accounts in “storage”, so definitely a shady person.

What happened to me is that I was out and was unable to get into my email to fix this quickly enough. Said email is still under their control, but my phone is still linked to it, so I am able to send and receive emails from it. The person who attacked me went after my Facebook and got my ROBLOX account for a day, long enough to take everything on it. Refactor reminded me I still had access to the account and the email hadn’t changed, so I reset the password and have my account back tied to a different email.
The only thing I can think of that I had installed on Chrome was Roblox+ because they HAD the password to the email, and they had the password to my ROBLOX account.

Gl0in2 just had his account taken as well and he doesn’t even have a single extension installed. The email on his account was changed to chrisrattan10k@gmail.com. This is getting out of hand now with all the accounts that are being taken. 2-factor authentication please!

1 Like

Did any of those hacked persons receive an email from ROBLOX they clicked the links in?
If so, mind uploading them?
(Maybe replace some stuff with dummy text in case there’s private information)

Gl0in2 said the only email he got from ROBLOX was “your email has been changed on your ROBLOX account”

And his email did actually change?

Just asking because there is an exploit that allows you to send emails as other people.

Clicked any (semi-)suspicious links?
RBXDev/ROBLOX Messages? In email? Twitter? idk?
EDIT: Or received some on RBXDev

Refactor just showed me one of the emails – the emails are legit (I compared the links to what was in the emails I’ve gotten from ROBLOX in the past).

I’m going to investigate on v3rmillion and see if I can find any word on this.

The phone number that was just hooked up to Travis’s email is +44 754 792 0513, so that might be the scammer’s phone number.

This is what I originally said about how having a system like this isn’t secure. If someone gains access to your ROBLOX account for whatever reason, they have a free pass to devforum.roblox.com.

This is why I sort of dislike this login system, I personally like having separate accounts. Though I have never in my life had an account stolen, I am always careful.

1 Like

Are all these people being attacked by AbstractMadness?

I swear, if v3rm skids are behind this…

1 Like

Hi, are you saying the attacker took control of your email account? Did they use that to perform a password reset?

Belial’s developer forum account was compromised too so it was temporarily banned for a couple of days, so he won’t be able to respond. I talked to him over Skype though and yes that’s what happened. I can give you his Skype account if you want to contact him directly.

My email uses 2-step authentication, so it doesn’t appear to have been broken into.