As far as we know, this only impacted active places; additionally, for the exploit to work the place had to have been reasonably popular.
4 Likes
Hah, I saw a bunch of people on Twitter saying this email was fake.
With that said, DO NOT share your place file hashes. If you share the hash, your place can be stolen.
3 Likes
The guy who hacked into my game was nice c:
I checked my game and no code appears to have been altered or added, beyond this comment.
Still, it’s a bit scary that they were able to do this.
13 Likes
Are our games compromised? @Nightgaladeld
1 Like
alright ill have to temp uninstall it
thanks for the heads up,
kinda worried lol there’s 2 edits on that day to my game
Why @WebGL3D? Is there a way to disable this in extension preferences without disabling the extension?
1 Like
It is probably to lower the amount of people stealing assets. Animations used to be able to be stolen as model files this way.
I have a lot of cleaning and game reduxing to do then; I am not scanning one of my primary development places however. When I joined the team to actually get hands-on access to the place, I ran a couple scripts in the command bar for debugging purposes and discovered the existence of 1.9K+ scripts with brutally inefficient code. We don’t update it anymore since it’s old and we’re looking for something new. Given the circumstances we’re in, I highly doubt our game was unaffected.
cc @doser225
Damn, this sound scary not even joking. I’ll be sure to check out my places to see whether they have been affected. Thanks for letting us know!
1 Like
What I’m interested to know is why said individual or group of individuals seem to only have modified code for themselves, not to steal and leak games (yet). Leaving behind creepy messages too, surely gives me shivers.
2 Likes
Internal members of the forums should see this thread as it has some nice information on who is affected and so fourth.
1 Like
Thanks, I’ll ensure that Captivator hasn’t been compromised. I always edit my games on a local file on my computer so I can just upload the most recent file to wipe any potential changes the third party could have made.
1 Like
Thanks for the update. I somehow dodged the bullet. no update changes for Flee the Facility on 9/7 or 9/8.
When I got this email I thought it was a scam due to the pure obscurity of this alert (What exactly happened? What kind of edits could’ve been made specifically?) and that it has been delivered from a domain that is not roblox.com.
Anyways, does this mean that the places could’ve been stolen in the process?
If we don’t manage to find any edits in literally piles of source code, are we going to get further detailed information of which versions were uploaded by unfamiliar IPs, or is that completely on us from this point?
I have game features that grant items worth thousands of Robux every few weeks (pretty rare) and that code was written to be solid steel. If there’s a malicious code somewhere in there I wouldn’t know until it’s a bit too late. There are other places in the crafting system where merely changing one number would literally grant you items and not take crafting materials allowing you to “duplicate” items indefinetly.
Understanding the nature of this exploit would allow figuring out the key areas of altered game source. Could they edit anything, or just add new instances / scripts to the game?
Noticed that this thread explains a bit about the exploit:
https://devforum.roblox.com/t/additional-carry-on-from-recent-roblox-security-incident/53288
7 Likes
No dates have shown up but my game was stolen recently but the person uploaded it on 8/31/2017. Best guess it was an third party exploit not the servers.
Got a email over one of my places, but it was alright since nothing was modified on those dates.
1 Like
FYI, any diff tool can be used to spot the differences between two XML-format place files. I can vouch for Diffy.
3 Likes
Phew, so glad I haven’t programmed anything in 2 months… however.
@LeitrisArcade and @ConfidentCoding might want to hear this.
3 Likes