I never gave an update because I wasn’t sure how public Roblox would be about this security issue. An exploiter updated Jailbreak with some code that inserted a module giving them a full-access command bar in servers. We only caught this because they just happened to make a mistake. They accidentally deleted one character from our code, which broke some in-game items.
After investigating this with Roblox, and with us both blaming each other for the game being broken, we quickly discovered that it was a third party. Somebody had updated Jailbreak and it wasn’t us.
I have a lot of cleaning and game reduxing to do then; I am not scanning one of my primary development places however. When I joined the team to actually get hands-on access to the place, I ran a couple scripts in the command bar for debugging purposes and discovered the existence of 1.9K+ scripts with brutally inefficient code. We don’t update it anymore since it’s old and we’re looking for something new. Given the circumstances we’re in, I highly doubt our game was unaffected.
What I’m interested to know is why said individual or group of individuals seems to only have modified code for themselves, not to steal and leak games (yet). Leaving behind creepy messages too surely gives me shivers.
Thanks, I’ll ensure that Captivator hasn’t been compromised. I always edit my games on a local file on my computer so I can just upload the most recent file to wipe any potential changes the third party could have made.
When I got this email I thought it was a scam due to the pure obscurity of this alert (What exactly happened? What kind of edits could’ve been made specifically?) and that it has been delivered from a domain that is not roblox.com.
Anyways, does this mean that the places could’ve been stolen in the process?
If we don’t manage to find any edits in literally piles of source code, are we going to get further detailed information of which versions were uploaded by unfamiliar IPs, or is that completely on us from this point?
I have game features that grant items worth thousands of Robux every few weeks (pretty rare) and that code was written to be solid steel. If there’s malicious code somewhere in there I wouldn’t know until it’s a bit too late. There are other places in the crafting system where merely changing one number would literally grant you items and not take crafting materials, allowing you to “duplicate” items indefinitely.
Understanding the nature of this exploit would allow figuring out the key areas of altered game source. Could they edit anything, or just add new instances / scripts to the game?
No dates have shown up, but my game was stolen recently, but the person uploaded it on 8/31/2017. Best guess it was a third-party exploit, not the servers.