Remove SMS Password Reset from the website

Don't really know if this goes in Bugs or Features, so I'll post it here.

SIM swapping is a big issue recently plaguing the Roblox developer community…

Until just now, I thought Roblox couldn't really do much about it given how it's out of their control; however, on Roblox, it's possible to reset your password using SMS.

I am more than certain that this is the method these attackers have been using, so why it hasn't been removed is beyond me, considering how insecure SMS verification is.

If you need something to do to protect your account, remove your phone number from your account.

43 Likes

At the very least, an option should be available to restrict recovery with SMS.

26 Likes

Bumping because Roblox is making some basic features require phone numbers.

Roblox should prioritize emails over phone numbers, as emails have more protection than phone numbers. To gain access with an email, you need a password and separate 2FA (if enabled) for said email. To gain access with a phone number, you just need to know the number and PI of the person.

If Roblox really needs security to do these features, use the already existing 2FA. It's not that hard to set up, and most people who can set up a Roblox account can also set up an email if they want to go the less secure route of 2FA (I always recommend using an auth app, security key, or your device's biometrics).

A bit off-topic but still relevant: Roblox could continue using captchas for bot prevention, but I think that if you have 2FA, skip the captcha and use a 2FA prompt.