Cookie Logger / .ROBLOSECURITY
KUH-kee LOG-er
Definition
The technical heart of most account theft (see Beamed). Instead of stealing a password, the attacker tricks the victim into running a script, installing a browser extension, or visiting a fake site that copies their Roblox login cookie (named .ROBLOSECURITY). With that cookie they log in as the victim — and because it's an already-logged-in session, it bypasses both the password AND two-factor authentication.
Example Usage
“He pasted some 'free skin' code into the browser console and got beamed.”
Note for Parents
This is exactly why two rules matter: never paste code into your browser's console, and never install a Roblox extension someone sends you. 2FA protects the login step, but a stolen session cookie sidesteps it — so the real defence is never handing the cookie over. If an account suddenly logs out or loses items, change the password immediately (that invalidates the stolen cookie). See Beamed, Phishing, Offerwall.