The .ROBLOSECURITY cookie is a browser cookie used by the Roblox website to store user sessions in a web browser. Its content is a hash that is used by the website to determine what user account the user agent is logged in. This means that if a user can be tricked through social engineering into revealing the content of this cookie; users who are aware of it can log into the account of the user by creating a cookie named “.ROBLOSECURITY” with the content revealed by the user. The hash used by the .ROBLOSECURITY cookie is only valid for a limited time.
Users who gave away their .ROBLOSECURITY must immediately click the "Sign out of all other sessions" button, located in their Roblox settings page. Doing this will create a new .ROBLOSECURITY cookie.
If anyone asks for your .ROBLOSECURITY cookie, don't give it to them! Additionally, if someone asks you to use Inspect Element and download a .HAR (HTTP Archive) file, do not give it to them either, as that file contains your .ROBLOSECURITY cookie.
If you have followed the steps and do not have access to your account, try resetting your password at https://www.roblox.com/login/forgot-password-or-username
If you are unable to reset your password, contact Roblox Support from an email address that has been associated with the account. They can also recover some stolen assets, like limiteds or Robux, if this is the first time the account has been compromised.
Cookie logger removal guides
There are many different types of cookie loggers, but below is a guide to removing the most common.
Logger removal guide (Windows)
- Step 1
- Press the WINDOWS and R keys at the same time.
- Step 2
%LOCALAPPDATA%into the text box in the "Run" window and press the enter key.
- Step 3
- Right-click on the "Roblox" Folder and delete it.
- Alternatively, you can also click the folder and press Shift+Delete to permanently delete the file, skipping Step 4.
- Step 4
- Click on the Recycle Bin icon on your desktop then click on the "Empty Recycle Bin" button.
- Step 5
- Open your preferred browser and check your extensions:
Make sure every extension here was installed by you and is trusted. Pay special attention to extensions that appear to be related to Roblox. A small userbase and negative reviews can help indicate a logger. If you find a suspicious extension, uninstall it.
- Step 6
- Search for the 'Control Panel' by going to File Explorer, in the address bar, search "control panel" then clicking "Control Panel".
- Step 7
- Under "Programs", click "Uninstall a program".
Make sure all programs here were installed by you and are trusted. Pay special attention to programs that appear to be related to Roblox. If you find a suspicious program, uninstall it. However, do not uninstall programs created by Microsoft. Some of the programs from Microsoft are necessary for your computer to function correctly; if deleted, it may cause problems to your computer in the future.
- Step 8
- Scan your PC using an installed antivirus that you trust. Windows Defender will usually be fine, but for extra security use the free version of Bitdefender, Avast or Malwarebytes. (Microsoft also has a great list of 3rd party antivirus software that they trust and recommend, but most are paid software.)
- Step 9
- Go to roblox.com in your browser. Log in, reinstall Roblox, reset your password and email in your settings, log out and then back in and press the "Sign out of all sessions" button in your settings.