Roblox recognizes the important role that our user community and a community of security researchers play in helping to keep Roblox and our community safe. If you think you’ve found a security issue on any of our products, please let us know via our program on https://hackerone.com/roblox.
Please pay special attention to the program's scope to ensure any testing you perform doesn't violate the program's policy.
Successful security bug submissions are eligible for financial rewards. Check the program's details for current reward amounts.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you comply with the following responsible disclosure guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not modify or access data that does not belong to you.
- Give Roblox a reasonable time to correct the issue before making any information public.
- Security research is limited to Roblox client binaries, game server, and web application.
Thank you for helping to keep the Roblox community safe.