JavaScript User hacked Account (Roblox)

Hi everyone,

I wasn’t sure where to post this but I’m a bit desperate and scared, hoping that someone with experience or knows about JavaScript could help me protect my computer. I fell for a stupid trick following this YouTube video that someone had mentioned to me and this led to my account on Roblox getting hacked - getting everyting stolen off of it.

As for a reference to the code, here is the YouTube video (code is seen in their notepad which I copied):

I have contacted their support, but now I’m worried if he still has access to my computer or is it a one-time thing that only affected the Roblox webpage and that he was only able to get my Roblox account information? I’m worried about using my bank or logging into my e-mail thinking he still is able to pull information out of my computer. This guy has harassed me on Discord, so I’m concerned that it won’t just stop there.

The video basically ran some random JS script that probably screwed over your Roblox account. The game’s support team should be able to help you. Beyond that though you shouldn’t be at risk, if the game has any substantial security features built in (like not saving your credit card information in plain text) you shouldn’t see anything spread beyond the game.

However in the worst case that your credit card did leak, then just keep an eye on your back account, or if your really worried cancel your existing card and get a new one.

Long story short, don’t enter random stuff into any application without getting it vetted, especially if it sounds “too good to be true”. Roblox is very well known as an easy target for hackers to steal unaware peoples information as a lot of kids play the game.

Thank you so much! I was so worried if this affected my entire browser or something like that. Would you happen to know if this was a permanent thing (like once I use the code, is the hacker still able to pull information from my account or was this just a one-time thing?

Like if I went back and login on Roblox, that JavaScript won’t continue to pull my information to him right?

I honestly don’t know how that Roblox “site” works. Assuming it works anything similar to a website, externally ran scripts shouldn’t “still exist” after a page refresh.

For the script to “still be there” it would need to be saved and loaded and ran again when you go back to that “page”. The attack that originally hit you is similar to an XSS or Cross-Site Scripting attack. Since you had to “paste” the actual execution code into your “site”, as long as you don’t do this again, the malicious code shouldn’t be able to be “loaded” again.

The hacker got into your cookies through a bad link, stole your account, if you changed your password you should be fine, if your entire account got stolen before you could sign out then contact or their support.

Ima just assume this is resolved one way or the other.