My 14 year old daughter got hacked by someone who was able to add themselves as a "linked parent" to her account. I'm not even sure that this person got ahold of her password in the first place. All this happened on Wednesday morning (6/24/26) but on the day it happened I did not recieve a single email about any of this even though the account is tied to my email address (verified). Usually if there is a new log in on an unrecognized device I would have gotten an email about it, but nothing was sent on 6/24 to me. I suspect that even if two factor authentication was already added to her account it would have done nothing, because there was a two factor authentication passkey added to her account which was definitely not set up by her. But by using that newly created authentication passkey the "linked parent" was clearly able to log into her account (which I didn't get any emails about), go into every game and transfer out every last collectable thing she had collected since 2020.

And wouldn't you know it, Roblox says they aren't responsible for those lost collectables. All the christmas and birthday roblox gift cards from the last 6 years which were used to buy those collectable items are completely wiped away for fun by this "linked parent". My daughter is absolutely devastated by her loss of these collectables.

During the password reset process I had to disable two factor authentication to be able to log in to the account. Once in the account, the two factor passkey could not be removed from the account without having access to the passkey and I had to go through an AI chatbot to get that removed. The "linked parent" also changed the date of birth to make my daugter become 8 years old in Roblox and apparently for whatever reason you are only allowed to change the date of birth once, meaning I had to make request after request trying to get the date of birth changed. Every time I am making these support requests I have to prove I am a human (captcha), enter six digit email security codes, and then try to talk to an AI bot that only partially understands my issues. I can request to speak to a human which immediately ends the chat with the ai bot telling me a support request has been filed.

What is most baffling of all is that I had requested removing the "linked parent" in question and between both the AI and whatever support team is behind that AI, I could not get the "liked parent" removed. I even had one ticket closed out with an email response telling me "We are unable to update or modify the parental settings on your child’s account due to security reasons. Parental controls can be managed on the account with parent privileges linked to your child’s account." When I was talking to an AI bot about this they explained that the "linked parent" was the only person who could remove themselves from my child's account and trying to request anything beyond that answer was denied. I finally hit a wall in which I had made too many requests and they were no longer accepting form submissions from me. My wife is trying to work on this stuff now because I'm at a dead end. She was able to get the account moved to her email address because she had made payments to Roblox in the past to fund the account, but the "linked parent" is still there.

Why would I ever want to give money to Roblox again after all of this? Kids are more savvy than anyone else on that gaming system and will keep finding loopholes to do these sorts of things. No matter how many procedural layers of restricted communication are added this is only made worse because fundamentally Roblox assumes no liability for any lost items within a system where these collectables can be traded among friends or stolen from thieves. I don't know that Roblox will be able to solve these problems ever when their solutions seem to be actually making things worse. If you have any stock in Roblox I would say they are a STRONG SELL!