The .ROBLOSECURITY cookie is a browser cookie used by the Roblox website to store user sessions in a web browser. Its content is a hash that is used by the website to determine what user account the user agent is logged in. This means that if a user can be tricked through social engineering into revealing the content of this cookie; users who are aware of it can log into the account of the user by creating a cookie named “.ROBLOSECURITY” with the content revealed by the user. The hash used by the .ROBLOSECURITY cookie is only valid for a limited time.
Users who gave away their .ROBLOSECURITY must immediately change their password, log out, and log back in. Logging in will create a new .ROBLOSECURITY cookie.
Cookie loggers that are called .ROBLOXSECURITY, do exist, they are .exe files with no context but have a trojan that will log your .ROBLOSECURITY cookie when you join a game, giving them full access to your account. To get rid of them on Windows,
Step 1: Press WINDOWS+R at the same time
Step 2: Type %LOCALAPPDATA% in to the text box on the "Run" window
Step 3: Right click on the "Roblox" Folder and delete it.
Step 4: Go to recycle bin, and empty it.
Step 5: Reinstall ROBLOX and, Reset your password and email, and press the "Sign out of all sessions" button.
Now you are safe. A browser extension might have been installed, Remove all roblox related ones from a non-trusted source.