Roblox's parental control features are a dystopian security disaster.

6 | Author: notsure357 | about 13 hours ago | Original post
My 14 year old daughter got hacked by someone who was able to add themselves as a "linked parent" to her account. I'm not even sure that this person got ahold of her password in the first place. All this happened on Wednesday morning (6/24/26) but on the day it happened I did not receive a single email about any of this even though the account is tied to my email address (verified). Usually if there is a new log in on an unrecognized device I would have gotten an email about it, but nothing was sent on 6/24 to me. I suspect that even if two factor authentication was already added to her account it would have done nothing, because there was a two factor authentication passkey added to her account which was definitely not set up by her. But by using that newly created authentication passkey the "linked parent" was clearly able to log into her account (which I didn't get any emails about), go into every game and transfer out every last collectable thing she had collected since 2020.

And wouldn't you know it, Roblox says they aren't responsible for those lost collectables. All the Christmas and birthday Roblox gift cards from the last 6 years which were used to buy those collectable items are completely wiped away for fun by this "linked parent". My daughter is absolutely devastated by her loss of these collectables.

During the password reset process I had to disable two factor authentication to be able to log in to the account. Once in the account, the two factor passkey could not be removed from the account without having access to the passkey and I had to go through an AI chatbot to get that removed. The "linked parent" also changed the date of birth to make my daughter become 8 years old in Roblox and apparently for whatever reason you are only allowed to change the date of birth once, meaning I had to make request after request trying to get the date of birth changed. Every time I am making these support requests I have to prove I am a human (captcha), enter six digit email security codes, and then try to talk to an AI bot that only partially understands my issues. I can request to speak to a human which immediately ends the chat with the AI bot telling me a support request has been filed.

What is most baffling of all is that I had requested removing the "linked parent" in question and between both the AI and whatever support team is behind that AI, I could not get the "linked parent" removed. I even had one ticket closed out with an email response telling me "We are unable to update or modify the parental settings on your child’s account due to security reasons. Parental controls can be managed on the account with parent privileges linked to your child’s account." When I was talking to an AI bot about this they explained that the "linked parent" was the only person who could remove themselves from my child's account and trying to request anything beyond that answer was denied. I finally hit a wall in which I had made too many requests and they were no longer accepting form submissions from me. My wife is trying to work on this stuff now because I'm at a dead end. She was able to get the account moved to her email address because she had made payments to Roblox in the past to fund the account, but the "linked parent" is still there.

Why would I ever want to give money to Roblox again after all of this? Kids are more savvy than anyone else on that gaming system and will keep finding loopholes to do these sorts of things. No matter how many procedural layers of restricted communication are added this is only made worse because fundamentally Roblox assumes no liability for any lost items within a system where these collectables can be traded among friends or stolen from thieves. I don't know that Roblox will be able to solve these problems ever when their solutions seem to be actually making things worse. If you have any stock in Roblox I would say they are a STRONG SELL!