Securing your Account PSA

Yep.

Here’s a chart that someone made to give you a better understanding :slight_smile:

6 Likes

It’s a horrible idea to get 2FA with phone number when you have email and auth app 2fa. SIM swapping is a thing.

If you play Bedwars, it’s like removing an obsidian bed defence and replacing it with blastproof ceramic.

2FA SMS should be a pointless feature imo

3 Likes

URLs can be spoofed too, using Unicode. Roblox hacks aren’t that advanced yet as of 2022-05-21 but I’m betting that before 2023 it’ll happen.

More info:

2 Likes

It’s possible and has been done, but not all browsers render the text in Unicode.

One of the worst things that exists is bookmarklets.

Bookmarklets are the dumbest thing that exists security-wise because it’s so easy to phish with them. Bookmarklets are one of the most common ways of beaming on Roblox (excluding HAR).

So never trust bookmarks!

2 Likes
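The two posts above mention Unicode lookalike URLs and the fact that some browsers show the encoded form instead. As an added example that is not part of the thread, this Node.js check flags a link whose hostname mixes scripts inside one label or resolves to a punycode (`xn--`) label. The function names and the sample links are constructed for illustration, and a label written entirely in one non-Latin script is reported only through the punycode flag.

```javascript
// Added example (not from the thread): flag link hostnames that rely on Unicode lookalikes.
// Scripts checked here are an assumption; extend the list for other alphabets.
const SCRIPT_TESTS = ["Latin", "Cyrillic", "Greek"].map(
  (name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]
);

// Return the sorted list of scripts used by the letters of one hostname label.
// Digits and hyphens belong to the "Common" script and are ignored.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of SCRIPT_TESTS) if (re.test(ch)) found.add(name);
  }
  return [...found].sort();
}

// Inspect a link as the user sees it (raw) and as the network sees it (ASCII host).
function inspectLink(raw) {
  // The WHATWG URL parser converts Unicode labels to punycode ("xn--...").
  const asciiHost = new URL(raw).hostname;
  // Recover the host exactly as written, skipping scheme and any userinfo.
  const m = /^[a-z][a-z0-9+.-]*:\/\/(?:[^\/?#@]*@)?([^\/?#:]+)/i.exec(raw);
  const shownHost = m ? m[1] : asciiHost;
  const labels = shownHost.split(".");
  return {
    asciiHost,
    punycode: asciiHost.split(".").some((l) => l.startsWith("xn--")),
    mixedScript: labels.some((l) => scriptsInLabel(l).length > 1),
    scripts: labels.map(scriptsInLabel),
  };
}

// Constructed samples: the second one uses Cyrillic U+0430 in place of Latin "a".
const SAMPLES = ["https://example.com/login", "https://ex\u0430mple.com/login"];
for (const s of SAMPLES) console.log(JSON.stringify(inspectLink(s)));
```

A link that sets either flag deserves a manual look at the ASCII host before signing in.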

While that’s true, and people should be careful, Roblox has some policies that aren’t exactly user-friendly. Users that get their accounts compromised can only have one rollback done, per account, ever.

My account has existed for fourteen years, but if it gets compromised twice, the items on it are just gone, and the person who got into my stuff gets all of it.

The rollback policy could be updated to one per year, and I don’t think it would negatively affect the platform.

4 Likes

Well, only for less important passwords, for example Roblox accounts to play with. If it’s very valuable, you should remember it yourself.

1 Like

FUN FACT: If you don’t buy premium, nobody can TOUCH your limiteds. Unless they buy it for you, which would leak their payment info and that’s how you can sue.

4 Likes

Using text-message-based 2FA is generally a bad security practice. Not only does SIM jacking exist, text messages aren’t very secure either, and they don’t work if you don’t have your phone connected to mobile internet.

App 2FA works offline and it can’t be SIM-jacked.

1 Like

Couldn’t they just use gift cards?

This page seems to indicate they do

1 Like

I see. That would be a lot more complicated to track down if the hacker bought the gift card with cash. :sad:

The main point of that post was just why we have the ability to add a phone number if it’s practically useless? Roblox could support iMessage/RCS if they wanted to, I’m fully aware that SMS isn’t secure, it’s a 90s technology after all.

cc @KristinaMoment

2 Likes

yeah but i’d expect the people with limiteds worth thousands of dollars to have premium in the first place since many of them are traders or developers.

Yes, Roblox should really make a “Bank” service, basically contact Roblox support maybe with a fee to lock some/all of your limiteds and a certain amount of Robux, which can only be taken out with a very very complicated process. In this case, those who rely on buying Roblox NFTs (some people play Roblox just to invest in Roblox NFTs (Limiteds)) wouldn’t be as easy to steal from.

2 Likes

I’m sure this information can be traced back.

Online, CashStar has your payment methods. I’m sure Walmart keeps track of purchases done by debit and credit cards as well as cheque. Only way around this is to pay with cash. Who buys Roblox gift cards with cash anyways?

1 Like

Depending on your account value, bad actors will and have bought premium for the purpose of selling limiteds for extreme profit.

Also not all payments of premium are easily trackable. If they use their home PayPal/Credit Card sure, but what about gift cards? Stolen credit cards? Account compromisers aren’t always 14 year olds using their parents info to steal limiteds, it’s people who make serious money off of it.


If given the chance, bad actors will pay 5 dollars for a gift card for 1k+ in return by selling stolen limiteds. Tracing back compromisers isn’t a good solution.

I agree.
I know how many bad people there are as I personally know certain staff who do corruption.

How would an iMessage hotline for Roblox work? Explain further please.

Also I have not seen another company use iMessage to deliver verification codes…
