I’ve been getting these phishing emails despite never being involved in any Roblox-related data breaches (as far as I’m aware). Not sure where they could have pulled the necessary information from.
Such breaches IIRC are on HIBP, feel free to check if your email is on there
I have no idea how else they’d get the email addresses of top Roblox developers.
glad i saw this post before checking my email today, i got one from an @accounts-roblox.com
thank you for posting these advisories cause they really do help a lot
update 2025-04-20T07:00:00Z: just got one from a @mailbox.org
?? and it didn’t get flagged as spam but i can tell it’s fake so this is weird
classic scam attempt, fake emails, I’m surprised it still works on people
If they make it look convincing enough then most people who aren’t as technically inclined or scam-aware won’t even doubt it is real unless they notice the email address or some other oddity with the email.
Hey Creators,
Thanks to Roblox for the heads-up! Phishing scams are getting smarter every day — this one is especially dangerous because it mimics the official password reset flow and shows your real username and avatar
If you got a sketchy email pretending to be a Roblox Security Alert, don’t click anything and double-check the sender. Only trust emails from no-reply@roblox.com.
Reminder to everyone:
- Never enter your password outside of the official Roblox site.
- Enable 2-step verification.
- Use strong, unique passwords.
We’re all part of this creative community — let’s protect each other by staying informed and reporting suspicious stuff
Stay safe out there, and keep building awesome things!
I received this email but I was surprised it was sent to an email address (an email address exclusive for one account) which isn’t contained in the RDC invite breaches. Even checked it with haveibeenpwned. Kinda unsettling with the prospect that there may have been a potential breach recently.
Here’s a snapshot of what it looks like to be on alert for:
From the whois domain info, it was registered recently. Allegedly they thought about 2fa and the fake site may attempt to detect if an account has it enabled in order to deceive victims for input of a recovery/authenticator code to “reset” their password.
uBlock Origin blocks that kind of stuff through default regex, thankfully.
I also got a false “Security Alert”, but my mail provider flagged it as spam, it was from noreply@accounts-roblox.com. The domain is already down.
This was looked into, most of the users aren’t even on the RDC breach list
There was never a public website, it only got used for the emails
The domain is still active
I don’t think it makes sense for them to be targeting random Robloxians.
I also saw this on a separate related article.
It would make the most sense for them to be targeting developers.
I’ve created an email just for Roblox, and have never used it in any other website, and I got one of the scam emails.
There must have been a data breach on Roblox’s end that hasn’t been disclosed.
My friend who has never attended RDC received the phishing email. It’s not only targeting the RDC data breach emails, there must be something else too.
My friend had the same issue around 2-3 months ago; not only you. Frustrating that Roblox isn’t open about stuff like that.
To check if you got a fake Roblox email, you need to check the domain of the email. If it’s no-reply@roblox.com then it is an official email by Roblox. But if it’s like no-reply-en@roblox.com then it’s a fake email, which Roblox did not send. I also recommend everyone install an antivirus, in case you accidentally downloaded a virus through the fake email link. Change your password, email address and enable 2 step authentication so the hackers can’t go into your account and change stuff.
Also, Roblox should not have removed the PIN feature, as it was very useful, you remove it then you still alert us with this stuff. It’s better if you guys added the PIN feature back.
Can confirm, I just received this email today, though I have no idea what that account is. It certainly made me panic for a second before realizing it was sent from a non-Roblox email.
Edit to add: I’ve never been to RDC, I’m not sure where they got my email, but it’s not the RDC breach.