On May 24, 2022, at 2:39 P.M., the Developer Forum encountered a caching issue, resulting in a small number of users appearing to be temporarily logged into another user’s Developer Forum account. Our team quickly took the appropriate steps to set the forum under maintenance while we investigated the root cause.
We have already reached out to the handful of users who may have had personal information (such as IP Address) exposed and are working to resolve any concerns. If you have not received a direct message from us on the forums, your account was not affected.
Timeline (PT):
2:43pm First user report & team began the investigation
3:02pm Forum taken down for maintenance
3:15pm Root cause discovered and countermeasures added to prevent going forward
5:18pm Forum access restored to users
As a cautionary measure, we logged out all users from the Developer Forum.
We have identified the source of this caching issue and we are working to prevent this from happening in the future. Thank you to our community members who quickly alerted us.
Oh… that's how I got logged off yesterday. Nevertheless, great job to all the Roblox engineers for taking measured steps causing the least risk possible to the users, and good luck!
We have already reached out to the handful of users affected by this issue and are working to resolve any concerns. If you have not received a direct message from us on the forums, your account was not affected.
I didn’t receive any messages about this, despite one of my friends telling me (and showing me with photo evidence) that they were in my account during this brief period.
Some of my notifications were particularly confidential, and I received no follow-up notification regarding this issue. When can I expect to receive one? My trust in the devforums has narrowed throughout the years but this recent breach and no follow-up from Roblox - especially considering that multiple people messaged me regarding being able to access my account notifications - when potential confidential information has been exposed to multiple people has severed it entirely. When can I expect to receive a message to reassure me and many others affected that something this severe won't happen again?
Apologies, let me clarify and I’ll also update the post above.
The individuals we messaged are those we identified as potentially being in a state where their personal information (such as IP Address) could have been visible during the window.
Not even surprised at this point when I hear of Roblox personal data or entire game leaks or outages- just a constant. At least you were transparent, so there’s that I guess.
It’s bound to happen again since you are dealing with Roblox. There is no way to reassure you in the future since predicting the future is way too hard/impossible; there has to be a procedure before you know for sure whether you were breached or not. What can be said though is that hopefully the staff gained some insight on how to secure our accounts in the future through the outage.
This makes me wonder if anyone got into my account but just said nothing about it.
Why weren’t users who had extremely confidential information available to other users contacted?? This is absolutely on the same level as potential IP disclosure when any information can be contained in private messages, including personal information, NDA contract details, private 1-on-1 conversations with other developers and various other confidential information, shown to any user lucky enough to land on your profile when refreshing the page. How can we be 100% positive that this severe breach will not happen again, when we have been given no sign of reassurance?
Very glad I wasn’t affected by this. My personal info could have been leaked. Just wanted to say thank you to all the engineers at Roblox that acted on this quickly, much appreciated!
The issues you described might not be relevant in this case. I’m certain that “appearing” to be logged into another person’s account wouldn’t authenticate access to somebody’s DevForum messages, among many other things.
Otherwise, the truth might be sugarcoated with wording such as “appearing,” which may just be another reason not to trust the DevForum.
Have people reported that they were able to access the messages within the notifications? Are the notifications themselves sensitive information?
You only receive a message if your info, like your IP address, was leaked. I too was in other accounts, and saw that a few people were in mine, and I didn’t get a message, so I am good.