Child spends over $800 on 'Roblox' using password reset bypass
A viral video on TikTok shows a mother in distress after her child spent over $800 on "Roblox," but it could have been prevented with Screen Time.
"Roblox" is a very popular game that uses an in-game currency called Robux. It is an enticing, addicting game targeted at children willing to spend real money on cosmetics.
A TikTok influencer named Linzy Taylor shared a video describing her situation after her 10-year-old son had spent over $800 across eleven purchases inside "Roblox." The video has amassed 3.8 million views as of this article's publication.
Usually, stories like these involve the child using some form of deception to bypass a child lock or some lack of supervision from the parent. However, this time, all the child needed was their device passcode.
There was no Screen Time protection on the account, so the only protection the device had was the device passcode and Apple ID password. The child did not know their Apple ID password but had the passcode to access the device.
It isn't clear how he learned to do this, but it is an identical method used by thieves to steal iPhones and reset their Apple ID password.
Taylor's son was able to navigate to "Roblox" and initiate an in-app purchase. The device was set up to prompt for a password any time a purchase was initiated, so biometrics like Touch ID wouldn't work.
All the child needed to do was select "Forgot my password" and then enter his iPhone passcode. The password was reset to the one he chose, then he was free to make purchases.
By the time Taylor noticed the transactions piling up, it was too late. Her son had spent around $800 from her PayPal account that was linked for purchases.
What went wrong
All of the tech-savvy people reading this article already know what happened — there was no Screen Time passcode. This was a simple mistake to make as Taylor believed she had plenty of protection with just an Apple ID password.
AppleInsider reached out to the family and discussed the situation to ensure Screen Time was not enabled. Taylor admitted she had never heard of the feature and will gladly enable it to gain more control over her child's devices.
This is a common occurrence, as Apple does not actively advertise the feature. And she was right to believe a password would be enough.
Screen Time is a tool found within the Settings app, and it is indispensable to parents. App time limits can be set, purchases can be hidden behind a permission structure, and in this story's case, Apple ID passwords can be locked behind the Screen Time passcode.
If Screen Time was set up and the setting turned on, the Apple ID password could not be reset with only the device passcode.
We urge any parent to take a few minutes to set up Screen Time for their children. It isn't foolproof, as crafty kids have found ways to learn their parent's passcode to get by it, but it is an extra layer of protection.
View our guide on how to set up Screen Time and parental controls on iPhone and iPad.
Taylor has reached out to Apple for a refund, and it is pending.