I actually just fell victim to the .ROBLOSECURITY backdoor and had all my limiteds flushed out to an unknown account.
2-step verification is useful; however, hackers are exploiting creative ways to gain access to a user account. This issue should be looked at by Roblox, and perhaps players should be warned regarding potential phishing and social engineering scams.
I am a professional developer and this is exactly the kind of culture that is preventing me from developing professional titles on Roblox as a platform. Not only are we dealing with a low-liquid digital currency (Robux), but in addition, there are a ton of exploits on account security. Roblox is limiting its own platform by removing the basic support for account security. No one wants to be compromised.
For context, I was hacked after providing the .ROBLOSECURITY because I thought a user wanted my avatar model…
Hey Pluto, before getting socially engineered and getting beamed, I thought my account was safe. I did not even know that the beaming (.ROBLOSECURITY) scam was a thing. As a professional developer, this is very scary: having an account compromised, after performing all the necessary steps, from unsuspected social engineering. I do not think players, especially developers, should be punished.
This is on point with what I felt/thought when I initially saw the notice. I raced to my account’s settings to make sure <worst case scenario> didn’t occur. Roblox is expected to be at the bare minimum somewhat conscious of the most likely implications that broadcasting such a notification in the most ambiguous possible manner will inevitably carry. It’s like if you were mailed a letter by <local governing body> that you should lock your front door; the people who don’t already do so are going to interpret this as “oh yeah, I should probably get on that”, but the people who were already doing so are going to be under the impression that they weren’t already.
The issue on Roblox’s part regarding the beaming methods (which are all basically performed the same way) is that they’ve only really treated the symptom and never the cause. The cause is that beaming methods sidestep the .ROBLOSECURITY cookie’s warning which outlines the damage it can cause if it happens to get into the wrong hands.
I’ve said it before on this topic, but the beaming methods really only function by pulling the victim’s attention away from what the malicious person is after. It’s like they’re vacuuming your house’s floor (in front of you) to later search the vacuum’s bag to find a dropped house key, so they can later invite themselves inside (whether or not you’re home). I think that analogy makes sense, hopefully.