Roblox is a super-popular game with kids nowadays. It's not a game itself, but rather a platform where you build a character which can play other games built by either users or companies. There are over 100,000 Roblox games, some of which actually make a lot of money. The most popular game, "Adopt Me", actually has a team of 30 full time developers working on it!

Anyway, Roblox has an in-game currency called "Robux". Robux are roughly equivalent to 1 cent each. You can get them in various ways. Most people buy them directly from Roblox (which is what generates the income for the company), but you can also earn them if you create your own game, or by creating virtual items/accessories for people to buy.

Benjamin really loves Roblox, and like most parents of Roblox-playing kids, I buy him Robux every so often, especially for occasions. He also is a "Roblox Premium" member, which gets him 450 Robux per month automatically.

Anyway, Ben had 4800 Robux in his account because I had recently given him a gift, which is worth approximately $48.

On December 1, he found a mysterious item for 500 Robux ($5) was bought on his account. He didn't do it, and the item was so strange and useless that it didn't look likely that he would have done it -- either accidentally or otherwise. However, at the same time, there were no indications that his account was compromised in any way. His password still worked, and nothing else was tampered with.

I sent e-mail to support asking for the 500 Robux back. Unfortunately this support is run out of India, and is total shit. They mostly communicate with form letters.

It took several tries to get them to understand that he did NOT lose access to his account -- just that 500 Robux had been jacked. Finally they understood and refunded the 500. I still wondered how it happened. I chalked it up to some insider exploit, especially because the account which had received his 500 Robux was banned and deleted shortly after our complaint.

Today, Ben found that his entire 4800 had been drained, in similar fashion. It's not clear why the hacker didn't do this the first time.

I wrote to Roblox again, and they sent me a form letter saying that Ben had literally used up his "one time", and therefore gets nothing.




Apparently Roblox got tired of dealing with irresponsible kids who let their accounts get compromised repeatedly (or kids who would regret in-game purchases and lied about being hacked), so their blanket solution was a "one time rollback", where each account gets one and only one chance for a complete restore to 24 hours prior to the incident. After that, you are fucked. I have since read stories of people losing hundreds of thousands of Robux (worth thousands of $), and support told them to eat shit.

I never asked or agreed to this rollback. I simply asked for the 500 Robux back, and that was the solution they employed. Now they're saying we can't get our 4800 back because we already used our "one time". Well, there's no fucking way I would have used the one-time rollback over a matter of $5, had they been clear about it.

Indian support now just keeps sending me form letters in response, basically telling me to go pound sand.

There is no way to call them. They ended phone support earlier this year, using the pandemic as an excuse. (Bovada did something similar, as have other companies which are using the pandemic as an excuse to provide poor customer service.)

Terrible.

BTW, since then, I think I tracked down the source of the compromise. I think it was through a Google Chrome Roblox extension which steals the cookies and essentially allows them to log in as him, without using the password.

The sad thing is that Ben loves the game so much that I can't charge it back on my credit card, or they will ban him, and he will be devastated. Obviously I'm not doing that.

They really need regulation for in-app and in-game purchases. Huge hole in the law right now.