Roblox parental controls are a dystopian security disaster

A parent reported that their 14-year-old daughter's Roblox account was compromised when someone added themselves as a linked parent. The parent is unsure if the hacker obtained the daughter's password, and no email notification was sent to the parent's verified email address, despite the account being tied to it. Typically, an email would be sent for new logins on unrecognized devices, but none was received on the day of the incident. The parent suspects that two-factor authentication may not have prevented the issue even if it had been enabled on the account. The incident occurred on a Wednesday morning, and the parent expressed concern over the lack of notification. The security of Roblox's parental controls has been called into question as a result of this incident.