Roon Security Alerts

Roon Core Machine

Roon Nucleus with no additional internal storage and latest software. Purchased a few weeks ago.

Networking Gear & Setup Details

Third Floor: The Roon Nucleus is connected by CAT6 Ethernet cable to a Luxul 12-port/8 PoE+ Gigabit Managed Switch model AMS-1208P. I have a M1 Mac Mini (2020, 8 GB, OS Monterey version 12.2.1) connected by ethernet to the switch.

Ground Floor: The managed switch is connected by CAT6 Ethernet cable to a Luxul 26-port/24 PoE+ Gigabit Managed Switch model AMS-2624P. This switch is plugged by CAT6 cable to a Xfinity xFI Gateway Router model name CGM4331COM by vendor Technicolor.

Connected Audio Devices

The 2 USB ports on the back of the Nucleus are used by my Amicool USB External DVD Drive (Amazon) and a Seagate 5 TB external desktop HDD model SRD0NF2.

The Roon remotes for DACs, Amps and Sonos speakers are an iPhone 13 Max and a 2019 12.9 inch iPad.

Number of Tracks in Library

5000+ tracks

Description of Issue

On several days of using my Roon account, I get a security alert stating that someone has logged in to my account in New York. I don’t live in New York. This warming has prompted me to change my username a few times now on the Roon website. It happened again today. I have been letting the Apple iPhone software pick out complex passwords for me. Any advice?


What’s the exact message? Does it mention an IP address? Time of day? Do you use a VPN? If there is a date stamp of the login attempt, have you been using your phone at that moment? Have you given anybody you know your login/password to Roon that could be triggering these alerts?

Another possibility is that your ISP is peering or terminating traffic in New York, so to Roon it appears that the login is coming from there. I have a number of services believe I am in Chicago and I am nowhere near it, it’s just where my internet interconnection terminates to that service.

This is the message I get. I have a VPN. I don’t know if I was using my phone at the moment that the message was generated. No one should know my login but me. I haven’t shared it with anyone.

@Robert_F, How could I find out if my ISP is peering or terminating traffic in New York?

Not sure why the image didn’t load. The message doesn’t include any specific time stamp or identifiers.

Craig, I’m not sure how to definitively test this. I work in telecommunications and have worked with all the major telecom providers and know many of the facilities where they terminate (e.g., my mobile and fiber connections both terminate in Chicago as I noted above, and I am served a lot of local Chicago area ads on my phone and laptop web browser vs. other locations).

Are you still having the issue? It seems as though the VPN may terminate in New York.

Thanks for the advice. The VPN is turned off on my phone. When I logged onto, I got this warning email:

New sign in detected

A new device from New York City, New York, United States of America just signed in to your Roon account. If this was you, you don’t need to do anything.

Note: Your location may be inaccurate since it was estimated using your IP address.

If this doesn’t sound right, please let us know by replying to this email, or visit this pageto reset your password.

The Roon team

Does this email warning occur only when you sign in? I use some secure settings on my web browser and need to log into the forum daily. I received a similar email every time I log in. If this is consistent with when you log into Roon or the forum, then it’s probably nothing to worry about.


It may be worth checking and possibly updating your password based on this post from a few hours ago:

WARP by Cloudflare?

Thanks so much for the advice. I experience the warning when I login to the forum. My VPN Is IPVanish.

I have changed my password each time I received the warning on the official Roon website.

You have a VPN, your location is where the VPN exits. That’s the point of the VPN.

@danny Thank you.

The VPN has been turned off for a couple weeks now. I’m still getting the attempted login alerts. The last message was Wednesday stating that a login attempt was made in Charlotte, North Carolina, USA. I don’t live there.

Cragi, did you sign into Roon or the community forum Wednesday?

I definitely logged into the forum and used Roon. I don’t remember trying to log into the Roon store.

I believe it’s capturing the forum and Core logins. My guess is your ISP is terminating in Charlotte which is a large peering and interconnection point on the internet for a number of major service providers.

1 Like

This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.