Heads up: "Roon Security Alert"

Just wanted to share that someone is trying to hack into Roon accounts. There were 3 successful logins to my account from 3 different IPs. Luckily I got the “Roon Security Alert” e-mails and was able to change my password to something much stronger. In this case, it was my fault for using a super weak password that was pretty easy to “brute force”. My guess is that the hacking attempts are targeting the “community” forum’s login functionality and then ‘crawling’ the site for a credit card or other information.

I just wanted to let the community know, especially if you have a weak Roon password.

18 Likes

Thanks for letting us know.

If by chance our account gets hacked, what can we do? Can Roon recover it for us?

1 Like

My password was pretty crap, so thanks for the heads up.

1 Like

I’m sure someone from Roon would be a better resource…

In my case, I got a formatted e-mail that had a password reset button. You want to make sure that any URL is ‘official’. Something like “https://roonlabs.com/…”.

In this case, the e-mail forwards you to: https://roonlabs.com/reset?email=[YOUR_EMAIL_ADDRESS_HERE]

Clicking on that URL just sends another e-mail with reset instructions.

There is a feature request for Roon to use 2FA. I would add: with an authenticator app, not only SMS or email. If an unauthorized logon happens, it may be too late for mitigation.

11 Likes

Tagging @accounts

Thanks for the heads up. Password updated. :+1:

Thanks for the heads up!

As Roon gets more popular, it’s very common for attacks like this to happen.

If you have a bad password, I suggest you change it to something far better.

Due to many account “takeovers”, we now require changing your email or password by resetting it. This requires access to your email account.

This also means you should have a secure password on your email account.

8 Likes

Thanks man, I took this as a good reason to put a strong password on, I was kind of slack on this. Good heads-up there.

Highly recommend using something like LastPass. It will generate a random character password for you and easily integrates in your browser to help your logins.

4 Likes

I have a recommendation for the additional security questions some sites have (do not remember if Roon does it) - When they ask you for security questions, create huge random strings and use those. Store them so you don’t lose them. Otherwise, especially if you have social media, don’t use what they ask for. It could be info easily inferred from your social media or your contacts. It is sometimes a pain, but well…

These saved my phone account - and this is important, since sites use your phone for 2FA. Someone tried to transfer it. When they were asked for mom’s maiden name, they tried the right one. I don’t have anything other than LinkedIn. But probably they got it from a contact… or even inferred from that.

Of course, instead of the real answer, I had a 256 chars long random string. The phone company gave me the pleasure to let me know they told the criminal “you are never gonna get it, you are a criminal!” :smiley:

thnx!

v

Happened to me as well a while ago. It’s good to be vigilant.

If the account gets hacked, can Roon recover it for us?

The real danger isn’t with Roon. Once hackers get hold of an email/password they will run these against any number of commonly used websites to see if your password has been reused, for example Google or on-line banking accounts or Amazon. Beware!

There is a huge market for accounts (Netflix/Amazon, etc.). There are loads of dedicated forums on Telegram and Discord selling everything from VPN accounts, which I’ve been guilty of buying, to Tidal and Qobuz, selling for as low as $1 for the information. I actually saw a member request passwords for sale for Roon last week, so I’d suggest changing your password on a regular basis.

I got this too and it was sent from “contact@roonlabs.com”. Isn’t that the official one?