Security improvement Robux transactions

Hi,

Today I got hacked and 126k robux were stolen. I have absolutely no idea about the source of the breach, but the person had full access to my account. They made a pass on another account and bought it with mine. I hope that I can get my 126k robux refunded, as I need it to live.

Roblox now has robux, a currency that has a value in dollars, and it is ridiculously protected in my opinion.
So that is why I am writing this thread. I have a few ideas to improve account security, to prevent robux stealing for example.

1: The ability to make a login different from the account name. I don’t want to connect to “Sofloann”; I want to have a login like a password, a secret login that no one can guess…

2: A phone message with a unique generated code per action (my bank does that for any type of transaction). So if this guy has access to my account, and if he tries to buy something, I will receive a message with the code via my phone’s messages. Then he would be stopped because he would have to enter the code. And I would know instantly that I have a security breach on my account.
That would have to be enabled in the security settings if you wish to use it, and that would work for any rate, from 1 robux to infinity, to ensure the control. Disabling would require a last phone message code.

3: A simple machine-bound account, allowing my account to be connected only from my devices’ MAC addresses (I think it is MAC address). Just like node-locked software licenses. You could add, remove and see the machines that are connected or want to get connected.

I think that we really need an improvement in security. If the Roblox company wants us to live from the robux revenues, they must give us the security we deserve, because now I’m anxious and I feel unsafe. I don’t even know if the support can refund that transaction.
It looked so easy for the person who hacked me; I had no warning of a new machine being connected, and I’m lucky I only had 126k robux and not a million…

Thanks a lot for reading,

I hope this gets some consideration,

Florian.

34 Likes

This doesn’t help much in terms of security; it doesn’t provide additional factors of authentication. You should just make sure you have a strong password that is unique to Roblox; don’t reuse passwords between sites.

Phone 2SV through SMS/call isn’t safe. This is vulnerable to SIM swapping attacks which are occurring more frequently over the past few years.

Roblox is working on a two-factor authenticator (through TOTP apps like Google Authenticator), which is safer than SMS as 2SV, and apparently should be releasing in August 2021 (next month): https://devforum.roblox.com/t/2sv-authenticator-beta/1294082

8 Likes

Oh, that’s amazing news, thanks 🙂

5 Likes