What is hacking?
When an account is “hacked”, it means that it has been compromised or rather, someone else besides you has access to your account and can make changes to it. This is actually phishing and does not mean that the ROBLOX site was compromised. Almost every single time an account is compromised, it is because the account owner did something (maybe by accident) that helped the "hacker" get access to their account. The weakest link in security is generally the human. That is why it's important to employ good security practices on ROBLOX and online.
If you know how to keep your account safe, and how to spot and stay away from scams, there's very little chance that your account will ever be compromised.
What should I do if my account is compromised?
If you can, you should change your password right away. Go to your Account page and click “Change Password”. If you were able to change your password, also make sure that your email address is verified on the Account page. If it isn't make sure to verify it. Verifying your email address alerts you to changes in your password or email address on your account.
If you're not able to access your account, contact Customer Service at firstname.lastname@example.org or through their integrated Contact Us page at http://roblox.com/Support. Provide your username and details on how your account was compromised. Be sure to contact Customer Service from the original account email address or, if a purchase has been made on the account, from the original billing email address. Don’t panic; they’ll assist you as quickly as possible and help you to get your account back.
How can I keep my account secure?
The most important step to take is to never give out personal information, such as your password or sensitive computer information like cookies, files or even seemingly random bits of text or other information from your browser or your computer. Requests for this information are often combined with fake offers of free currency (Robux), items, or Builders Club. They may claim to be an official ROBLOX survey or promotion (we cover how to know a real ROBLOX promotion/survey below). The only thing you'll get from these fake offers is a stolen account with all your items and currency taken.
Important ways to keep your account secure:
- Have a strong password. ROBLOX requires a password be 6-20 characters long and have 2 numbers and 4 letters, but we also recommend using non-alphanumeric characters (e.g. @#%-). Make sure your password cannot easily be guessed. It should be something only you would know. Including your user name as part of your password is never a good idea.
- Log out of your account any time you use a public or shared computer such as at school or a library, or after using a computer at another person's house. Remember to disable autocomplete-forms for your ROBLOX account on public computers.
- Never download any program or an executable file (.exe) from an untrustworthy source and always have your parent's assistance and permission before doing so.
- Never change your email address on the account to someone else’s. Doing so will allow that person to get password resets for your account.
- Verify your email address. Verifying your email address alerts you to changes in your password or email address on your account.
- Don’t fall for fake promotions, surveys or scams. ROBLOX promotions and surveys are always announced on ROBLOX's official blog or via the notification system and they will NEVER ask you for your password. If anyone asks you for your password in a survey or an offer for free memberships or Robux, this is a scam to steal your account. Again, ROBLOX Staff will NEVER ask you for your password.
- If a ‘friend’ asks for access to your account, do not give them any information for any reason whatsoever. It is very important to maintain that your ROBLOX account password belongs to you and no one else. (Except possibly your parents, if your young.)
- User different passwords for different accounts. Your ROBLOX password should be unique among the host of accounts you own on the internet. This way, if one account is compromised, your ROBLOX one will not be.
- If someone asks you to give them a line of code from your browser or Roblox Studio that has something to do with the term ‘.ROBLOSECURITY’, do not do it. This is a way to breach users who have 2-Factor Authentication enabled since .ROBLOSECURITY is the temporary login cookie used by 2FA that confirms you are logged into your account with valid credentials.
Exploits and Reporting Abuse
Sometimes, the word "hacking" is used to mean exploiting. Exploiting is against the Terms of Service for ROBLOX. Exploiting or cheating is unfair to all ROBLOX players and creates a poor experience for everyone. This will lead to the deletion of your account. Most exploits are just a scam to get you to download malware, such as a keylogger or other phishing program that can be used to steal any personal information you have on your computer, including your ROBLOX password. Don't exploit; it's not worth it. If there's a feature you'd like to see on ROBLOX, use our Suggestions Forum.
If you see someone asking for passwords or other personal information, posting offsite links, or attempt to exploit or sharing exploits, please use the 'Report Abuse' buttons located throughout the site. Reporting allows our Moderators to remove the content and moderate the accounts. These are violations of the ROBLOX Terms of Service and Community Rules and Guidelines.