ixfd64 Posted April 6, 2011

My RuneScape account got hacked a few days ago. I was trying to enter the April quiz contest last night when I noticed that I was unable to log in. Since I was able to access all of my other accounts, I figured that I had been "hacked." When I recovered my account about half an hour later, I noticed that my bank PIN was just seven hours away from getting deleted. In addition, my friends list had been cleared, and my default CC was set to a channel called "Team Hax." :rolleyes:

The good news is, I didn't lose any valuables. Phew! *kisses bank PIN* On the other hand, it's going to be a pain in the @$# to add all of my friends back.

I did search for my name on some well-known cheat sites but could find no mention of anyone bragging about "hacking" me, so I'm not sure why I was picked as a target. When I first got "hacked" in April 2003, I was fairly well known at that time because I was only the 40th person to get level 99 cooking. But since level 99 skills are very common these days, I don't think it was my stats that made me a target. However, I do have the distinction of being one of the first 2000 players to sign up, as well as a former player moderator. From what I've seen, these are considered valuable targets for account thieves.

My password was alphanumeric and had 11 characters, so I think it would have been very hard to guess. But then again, RuneScape passwords aren't that secure because they aren't case-sensitive and no longer support punctuation. HijackThis found no suspicious programs, and my recent virus scans had come up clean, so it couldn't have been a keylogger.

So I guess the "hacker" had guessed my password recovery answers. Admittedly, one of them could be found on my Wikipedia page, and two others weren't that hard to guess. I mean, just because I never explicitly told people what my favorite vacation spot was doesn't mean people couldn't deduce it from reading my blog, etc. Gotta love social engineering.

Incidentally, my AIM account also got hacked about two weeks ago, although I'm not sure if it had anything to do with this.

Lessons learned:

1. Don't set security questions whose answers can be easily deduced, even if they are not mentioned explicitly.
2. Similarly, when posting blog entries, etc., make sure that you don't accidentally answer a security question.

That having been said, was there anything else I could have done to prevent this?

I also have two other questions:

1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?
2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.

ARENAscape:
Baratus [AS] max hit: 166 with Moon Battle Hammer
ixfd64 [AS] max hit: 116 with (untitled spell #2)

Jaffy1 Posted April 6, 2011

> I also have two other questions:
> 1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?
> 2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.

From what you've said I don't see what you've done wrong (if anything at all), but to help avoid being hacked, ensuring your login username is unknown may be useful. This can be done by changing your name twice, or once and wait for the "last known as" to disappear (new accounts have mail addresses as a login). Ooh, and since you were close to your pin cancellation time, get a 7 day delay instead of 3 (if you don't already have that). ;)

Obviously recovery questions should be memorable, but no-one should be able to guess them. If you want a tip, asking about very personal things may be a solution i.e. things you have told no-one (possibly a question about a past password or childhood memories?).

To answer the other two questions, I believe that checking the "stolen" option gives your query priority with regard to being reviewed. It's possible Jagex looks at other things too, but I don't know if or what exactly they would do. It's also doubtful they'll restore your friends list, unfortunately, but I imagine the people you can't remember will pm you if you keep it at "on" mode?

Tip.It Website Crew Leader
[hide=Quotes]
I love it how Jafje comes outa nowhere and answers my questions
Hehe now we know what real life does...drugs, drugs, more drugs. Thank god we are addicted to something that won't kill us.
[/hide]

Nomrombom Posted April 6, 2011

No, Jagex can't restore your friends list. You'll either have to remember or just forget about it.

You didn't learn these lessons from Sarah Palin's little deal? Where some kid hacked her government email by guessing her recoveries?

Just a good thing you had a PIN. Better safe than sorry.

PM me for fitocracy invite

reddawn509 Posted April 6, 2011

You have a wikipedia page? :mellow:

If you've got information about yourself online, it might not be a bad idea to set random passwords or letters or something as the answers to your recovery questions, instead of actual information. Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

D. V. Devnull Posted April 6, 2011

Pardon this blunt expression, but............... DDDDAAAAMMMMMNNNNNNIIIIITTTTT!!! :angry:

Well, this explains why I was showing as not on your friends list when I last checked your chat channel like yesterday or the day before, and definitely prior to some jerk changing your channel's name. Good thing I came back to Tip.It Forums, or I would never have seen something like this to alert me to what happened.

Sorry to hear this happened to you, though. :( However, I'm glad to hear you got your account back from the jerk(s) that stole it from you.

If you want to get in touch, I've been bouncing between RuneScape and FunOrb's "Steel Sentinels" off and on. So feel free to add me back on and send a private chat message. I'll look forward to hearing from you, that's for sure. :)

~Mr. D. V. "Unholy Ouch! Glad to hear you got control back!" Devnull

(p.s.: One of my F2P stats fell below 2,000,000th place, so my combat's reading low. That should be showing as Cb Lvl 85 in my siggy...)

(p.p.s.: I don't believe this... I don't have you added to my buddy list on TIF as well? Adding now!)

and normally with a cool mind.
(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Jaffy1 Posted April 6, 2011

> Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

It's a bad idea to save any kind of password/sensitive information on your computer.
Write them down if you must, but it's best if you can just remember them.

Hegelstad Posted April 6, 2011

I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

He asked a lot of questions about recovery questions in a way that you wouldn't think that you answered recovery questions, they are really clever. So be alert!

My lame drops:
6 Effigys
1 D Med - 1 D Dagger
1 Verac's Helmet - 1 Guthan's Platebody

Jaffy1 Posted April 6, 2011

> I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

Don't let random people add you on facebook. xD
Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?

Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions. That excludes family and real life friends too.

Hegelstad Posted April 6, 2011

>> I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o
>
> Don't let random people add you on facebook. xD
> Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?
>
> Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions. That excludes family and real life friends too.

He acted like he knew me, faked ID, so be careful out there!

pulli23 Posted April 6, 2011

jagex should allow for "unresettable" (apart from manual jagex intervention) bank pins. - If you go on holiday/taking a break of rs your bank pin is now worth nothing!

First they came to fishing
and I didn't speak out because I wasn't fishing
Then they came to the yews
and I didn't speak out because I didn't cut yews
Then they came for the ores
and I didn't speak out because I didn't collect ores
Then they came for me
and there was no one left to speak out for me.

ixfd64 Posted April 6, 2011

Thanks for the suggestions, Jaffy1. However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks. I know that some IM users will block/delete unfamiliar people on their buddy list, so I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

> You have a wikipedia page? :mellow:

User page, not article. I'm not that famous! :lol:

Jaffy1 Posted April 6, 2011

> Thanks for the suggestions, Jaffy1. However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks. I know that some IM users will block/delete unfamiliar people on their buddy list. I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

You're welcome. :D
In the case of friends confusion, changing it once will do the trick.
If they recall your old username they can still enter your clan chat (it will take them to yours even after you've lost the "last known as" icon).

Hope that helps.

la la la Posted April 6, 2011

Do you tell people on the street that you're a Wikipedia admin? I wish I could tell people that at parties.

Wkw Posted April 6, 2011

My recovery questions are something along the lines of
"what is on the empty action figured box in the computer room"
"how many usb ports does my old computer have"
"which number seat do i sit in class spell"
and "how many windows to the right"

Really
Lesse. I've never, ever taken a picture of that part of the room
Nor of my old computer.. but I think I've said it. But it isn't one of my questions
Only the people at my school know this. I added spell because "3" isn't a valid answer
Last one, you need to see my house to know that ^^

Don't make them "generic" questions. What is my mother's maiden name is too generic. Same pet, first teacher, favorite food. All generic.

Runescape player since 2005
Ego Sum Deus Quo Malum Caligo et Barathum

Michael Posted April 6, 2011

> My recovery questions are something along the lines of
> "what is on the empty action figured box in the computer room"
> "how many usb ports does my old computer have"
> "which number seat do i sit in class spell"
> and "how many windows to the right"
>
> Really
> Lesse. I've never, ever taken a picture of that part of the room
> Nor of my old computer.. but I think I've said it. But it isn't one of my questions
> Only the people at my school know this. I added spell because "3" isn't a valid answer
> Last one, you need to see my house to know that ^^
>
> Don't make them "generic" questions. What is my mother's maiden name is too generic. Same pet, first teacher, favorite food. All generic.

That's simple, you just don't actually answer the question but answer another question.

Rock Hard Posted April 6, 2011

> Do you tell people on the street that you're a Wikipedia admin? I wish I could tell people that at parties.

dw, tell them about your 3000 tipit posts and 91 rc instead

'Rock Hard' boss pure - 60/60 Attack | 99/99 Range | 1/1 Defence | 44/44 Prayer | 99/99 Strength | 99/99 Mage - level 79 combat
EOC ## '07 Server ## "Best Runescape update ever: Removing 6 years of updates."
"Warning: If you are reading this then this warning is for you. Every word you read of this useless fine print is another second off your life. Don't you have other things to do? Is your life so empty that you honestly can't think of a better way to spend these moments? Or are you so impressed with authority that you give respect and credence to all that claim it? Do you read everything you're supposed to read? Do you think every thing you're supposed to think? Buy what you're told to want? Get out of your apartment. Meet a member of the opposite sex. Stop the excessive shopping and masturbation. Quit your job. Start a fight. Prove you're alive. If you don't claim your humanity you will become a statistic. You have been warned- Tyler"

Avatar200 Posted April 7, 2011

My old cooking buddy in Draynor!! Hope you've done everything to prevent future attempts.. :)