Jump to content

Welcome to Rune Tips, the first ever RuneScape help site. We aim to offer skill guides, quest guides, maps, calculators, informative databases, tips, and much more to help you get the most from the Massive Online Adventure Game, RuneScape, by Jagex Ltd © 2009.

Report Ad

Welcome to Forum.Tip.It
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

RuneScape account hacked - what did I do wrong?


  • Please log in to reply
16 replies to this topic

#1
ixfd64
[ Display Name History ]

ixfd64

    Demon Vanquisher

  • Members
  • 2,255 posts
  • Gender:Male
  • Location:California
  • Joined:19 June 2004
  • RuneScape Status:Semi-Retired
  • RSN:ixfd64
  • RSN2:ixfd64 rs2
My RuneScape account got hacked a few days ago.

I was trying to enter the April quiz contest last night when I noticed that I was unable to log in. Since I was able to access all of my other accounts, I figured that I had been "hacked." When I recovered my account about half an hour later, I noticed that my bank PIN was just seven hours away from getting deleted. In addition, my friends list had been cleared, and my default CC was set to a channel called "Team Hax." :rolleyes:

The good news is, I didn't lose any valuables. Phew! *kisses bank PIN* On the other hand, it's going to be a pain in the @$# to add all of my friends back.

I did search for my name on some well-known cheat sites but could find no mention of anyone bragging about "hacking" me, so I'm not sure why I was picked as a target. When I first got "hacked" in April 2003, I was fairly well known at that time because I was only the 40th person to get level 99 cooking. But since level 99 skills are very common these days, I don't think it was my stats that made me a target. However, I do have the distinction of being one of the first 2000 players to sign up, as well as a former player moderator. From what I've seen, these are considered valuable targets for account thieves.

My password was alphanumeric and had 11 characters, so I think it would have been very hard to guess. But then again, RuneScape passwords aren't that secure because they aren't case-sensitive and no longer support punctuation. HijackThis found no suspicious programs, and my recent virus scans had come up clean, so it couldn't have been a keylogger.

So I guess the "hacker" had guessed my password recovery answers. Admittedly, one of them could be found on my Wikipedia page, and two others weren't that hard to guess. I mean, just because I never explicitly told people what my favorite vacation spot was doesn't mean people couldn't deduce it from reading my blog, etc. Gotta love social engineering.

Incidentally, my AIM account also got hacked about two weeks ago, although I'm not sure if it had anything to do with this.

Lessons learned:

1. Don't set security questions whose answers can be easily deduced, even if they are not mentioned explicitly.
2. Similarly, when posting blog entries, etc., make sure that you don't accidentally answer a security question.

That having been said, was there anything else I could have done to prevent this?

I also have two other questions:

1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?
2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.
ixfd64.png

ARENAscape:

Baratus [AS] max hit: 166 with Moon Battle Hammer
ixfd64 [AS] max hit: 116 with (untitled spell #2)

#2
Jaffy1
[ Display Name History ]

Jaffy1

    Retired Crew Leader

  • Members
  • 3,556 posts
  • Gender:Female
  • Location:The Netherlands
  • Joined:7 May 2006
  • RuneScape Status:P2P
  • RSN:Ms Julie

I also have two other questions:

1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?
2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.

From what you've said I don't see what you've done wrong (if anything at all), but to help avoid being hacked, ensuring your login username is unknown may be useful. This can be done by changing your name twice, or once and wait for the "last known as" to disappear (new accounts have mail addresses as a login). Ooh, and since you were close to your pin cancellation time, get a 7 day delay instead of 3 (if you don't already have that). ;)

Obviously recovery questions should be memorable, but no-one should be able to guess them. If you want a tip, asking about very personal things may be a solution i.e. things you have told no-one (possibly a question about a past password or childhood memories?).

To answer the other two questions, I believe that checking the "stolen" option gives your query priority with regard to being reviewed. It's possible Jagex looks at other things too, but I don't know if or what exactly they would do.

It's also doubtful they'll restore your friends list, unfortunately, but I imagine the people you can't remember will pm you if you keep it at "on" mode?
Posted Image
Posted Image


Posted Image Tip.It Website Crew Leader
Quotes

#3
Nomrombom
[ Display Name History ]

Nomrombom

    Moss Giant Whipper

  • Members
  • 2,736 posts
  • Gender:Male
  • Location:US
  • Joined:28 June 2006
  • RuneScape Status:None
  • RSN:Nomrombom
No, Jagex can't restore your friends list. You'll either have to remember or just forget about it.

You didn't learn these lessons from Sarah Palin's little deal? Where some kid hacked her government email by guessing her recoveries?

Just a good thing you had a PIN. Better safe than sorry.
PM me for fitocracy invite

#4
reddawn509
[ Display Name History ]

reddawn509

    Ghost Cloak

  • Members
  • 1,919 posts
  • Gender:Male
  • Location:masquerading as a black bear..
  • Joined:5 July 2005
  • RuneScape Status:P2P
  • RSN:Yews Me
  • RSN2:Skeksis
You have a wikipedia page? :mellow:

If you've got information about yourself online, it might not be a bad idea to set random passwords or letters or something as the answers to your recovery questions, instead of actual information. Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

#5
D. V. Devnull
[ Display Name History ]

D. V. Devnull

    Dragon Slayer

  • Members
  • 5,058 posts
  • Gender:Male
  • Location:Slinking in shadow, finding site/forum bugs to kill...
  • Joined:1 July 2006
  • RuneScape Status:None
Pardon this blunt expression, but............... DDDDAAAAMMMMMNNNNNNIIIIITTTTT!!! :angry:

Well, this explains why I was showing as not on your friends list when I last checked your chat channel like yesterday or the day before, and definitely prior to some jerk changing your channel's name. Good thing I came back to Tip.It Forums, or I would never have seen something like this to alert me to what happened. Sorry to hear this happened to you, though. :(

However, I'm glad to hear you got your account back from the jerk(s) that stole it from you. If you want to get in touch, I've been bouncing between RuneScape and FunOrb's "Steel Sentinels" off and on. So feel free to add me back on and send a private chat message. I'll look forward to hearing from you, that's for sure. :)

~Mr. D. V. "Unholy Ouch! Glad to hear you got control back!" Devnull


(p.s.: One of my F2P stats fell below 2,000,000th place, so my combat's reading low. That should be showing as Cb Lvl 85 in my siggy...)

(p.p.s.: I don't believe this... I don't have you added to my buddy list on TIF as well? Adding now!)
Posted Image and normally with a cool mind.
(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

#6
Jaffy1
[ Display Name History ]

Jaffy1

    Retired Crew Leader

  • Members
  • 3,556 posts
  • Gender:Female
  • Location:The Netherlands
  • Joined:7 May 2006
  • RuneScape Status:P2P
  • RSN:Ms Julie

Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

It's a bad idea to save any kind of password/sensitive information on your computer.
Write them down if you must, but it's best if you can just remember them.
Posted Image
Posted Image


Posted Image Tip.It Website Crew Leader
Quotes

#7
Hegelstad
[ Display Name History ]

Hegelstad

    Varrock Guard

  • Members
  • 1,440 posts
  • Gender:Male
  • Location:Norway
  • Joined:11 April 2009
  • RuneScape Status:P2P
  • RSN:Hegelstad
  • Clan:Team Bring It
I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

He asked a lot of questions about recovery questions in a way that you wouldn't think that you answered recovery questions, they are really clever. So be alert!

My lame drops:
6 Effigys
1 D Med - 1 D Dagger
1 Verac's Helmet - 1 Guthan's Platebody


#8
Jaffy1
[ Display Name History ]

Jaffy1

    Retired Crew Leader

  • Members
  • 3,556 posts
  • Gender:Female
  • Location:The Netherlands
  • Joined:7 May 2006
  • RuneScape Status:P2P
  • RSN:Ms Julie

I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

Don't let random people add you on facebook. xD
Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?

Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions.
That excludes family and real life friends too.
Posted Image
Posted Image


Posted Image Tip.It Website Crew Leader
Quotes

#9
Hegelstad
[ Display Name History ]

Hegelstad

    Varrock Guard

  • Members
  • 1,440 posts
  • Gender:Male
  • Location:Norway
  • Joined:11 April 2009
  • RuneScape Status:P2P
  • RSN:Hegelstad
  • Clan:Team Bring It


I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

Don't let random people add you on facebook. xD
Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?

Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions.
That excludes family and real life friends too.


He acted like he knew me, faked ID, so be careful out there!

My lame drops:
6 Effigys
1 D Med - 1 D Dagger
1 Verac's Helmet - 1 Guthan's Platebody


#10
pulli23
[ Display Name History ]

pulli23

    Moss Giant Whipper

  • Members
  • 2,601 posts
  • Joined:9 March 2006
jagex should allow for "unresettable" (apart from manual jagex intervention) bank pins. - If you go on holiday/taking a break of rs your bank pin is now worth nothing!

First they came to fishing
and I didn't speak out because I wasn't fishing

Then they came to the yews
and I didn't speak out because I didn't cut yews

Then they came for the ores
and I didn't speak out because I didn't collect ores

Then they came for me
and there was no one left to speak out for me.


#11
ixfd64
[ Display Name History ]

ixfd64

    Demon Vanquisher

  • Members
  • 2,255 posts
  • Gender:Male
  • Location:California
  • Joined:19 June 2004
  • RuneScape Status:Semi-Retired
  • RSN:ixfd64
  • RSN2:ixfd64 rs2
Thanks for the suggestions, Jaffy1.

However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks.

I know that some IM users will block/delete unfamiliar people on their buddy list, so I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

You have a wikipedia page? :mellow:


User page, not article. I'm not that famous! :lol:
ixfd64.png

ARENAscape:

Baratus [AS] max hit: 166 with Moon Battle Hammer
ixfd64 [AS] max hit: 116 with (untitled spell #2)

#12
Jaffy1
[ Display Name History ]

Jaffy1

    Retired Crew Leader

  • Members
  • 3,556 posts
  • Gender:Female
  • Location:The Netherlands
  • Joined:7 May 2006
  • RuneScape Status:P2P
  • RSN:Ms Julie

Thanks for the suggestions, Jaffy1.

However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks.

I know that some IM users will block/delete unfamiliar people on their buddy list. I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

You're welcome. :D
In the case of friends confusion, changing it once will do the trick.
If they recall your old username they can still enter your clan chat (it will take them to yours even after you've lost the "last known as" icon).

Hope that helps.
Posted Image
Posted Image


Posted Image Tip.It Website Crew Leader
Quotes

#13
Rocked
[ Display Name History ]

Rocked

    Retired Crew

  • Members
  • 2,939 posts
  • Gender:Male
  • Joined:12 October 2004
  • RuneScape Status:P2P
  • RSN:Rocked
  • RSN '07:Mtn Dew Dew
Do you tell people on the street that you're a Wikipedia admin? I wish I could tell people that at parties.

lalalasig2.png


#14
Wkw
[ Display Name History ]

Wkw

    Moss Giant Whipper

  • Members
  • 2,838 posts
  • Gender:Not Telling
  • Joined:25 February 2005
  • RuneScape Status:None
  • RSN:wkw
  • Clan:SODB
My recovery questions are something along the lines of
"what is on the empty action figured box in the computer room"
"how many usb ports does my old computer have"
"which number seat do i sit in class spell"
and "how many windows to the right"

Really
Lesse. I've never, ever taken a picture of that part of the room
Nor of my old computer.. but I think I've said it. But it isn't one of my questions
Only the people at my school know this. I added spell because "3" isn't a valid answer
Last one, you need to see my house to know that ^^



Don't make them "generic" questions. What is my mothers madein name is too generic. Same pet, first teacher, favorite food. All generic.

aaaaauserbar.gif

Wkw.png

Runescape player since January 2005
Ego Sum Deus Quo Malum Caligo et Barathum


 


#15
Michael
[ Display Name History ]

Michael

    Moss Giant Whipper

  • Members
  • 2,917 posts
  • Gender:Male
  • Location:UK
  • Joined:8 July 2006
  • RuneScape Status:None
  • RSN:Trollgazer

My recovery questions are something along the lines of
"what is on the empty action figured box in the computer room"
"how many usb ports does my old computer have"
"which number seat do i sit in class spell"
and "how many windows to the right"

Really
Lesse. I've never, ever taken a picture of that part of the room
Nor of my old computer.. but I think I've said it. But it isn't one of my questions
Only the people at my school know this. I added spell because "3" isn't a valid answer
Last one, you need to see my house to know that ^^



Don't make them "generic" questions. What is my mothers madein name is too generic. Same pet, first teacher, favorite food. All generic.


That's simple, you just don't actually answer the question but answer another question.

#16
Rock Hard
[ Display Name History ]

Rock Hard

    Hobgoblin Killer

  • Members
  • 1,652 posts
  • Gender:Male
  • Location:COME ON ENGLANNDDDDDD
  • Joined:1 November 2005
  • RuneScape Status:P2P
  • RSN:Rock Hard
  • RSN2:Rock s Hard

Do you tell people on the street that you're a Wikipedia admin? I wish I could tell people that at parties.


dw, tell them about your 3000 tipit posts and 91 rc instead
'Rock Hard' boss pure - 60/60 Attack | 99/99 Range | 1/1 Defence | 44/44 Prayer | 99/99 Strength | 99/99 Mage - level 79 combat EOC

## '07 Server ## "Best Runescape update ever: Removing 6 years of updates."

Posted Image

"Warning: If you are reading this then this warning is for you. Every word you read of this useless fine print is another second off your life. Don't you have other things to do? Is your life so empty that you honestly can't think of a better way to spend these moments? Or are you so impressed with authority that you give respect and credence to all that claim it? Do you read everything you're supposed to read? Do you think every thing you're supposed to think? Buy what you're told to want? Get out of your apartment. Meet a member of the opposite sex. Stop the excessive shopping and masturbation. Quit your job. Start a fight. Prove you're alive. If you don't claim your humanity you will become a statistic. You have been warned- Tyler"

#17
Avatar200
[ Display Name History ]

Avatar200

    Unicorn Horn

  • Members
  • 158 posts
  • Gender:Not Telling
  • Location:Malaysia
  • Joined:24 July 2004
  • RuneScape Status:Semi-Retired
  • RSN:Avatar200
My old cooking buddy in Draynor!! Hope you've done everything to prevent future attempts.. :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users