RuneScape account hacked - what did I do wrong?


ixfd64

My RuneScape account got hacked a few days ago.

 

I was trying to enter the April quiz contest last night when I noticed that I was unable to log in. Since I was able to access all of my other accounts, I figured that I had been "hacked." When I recovered my account about half an hour later, I noticed that my bank PIN was just seven hours away from getting deleted. In addition, my friends list had been cleared, and my default CC was set to a channel called "Team Hax." :rolleyes:

 

The good news is, I didn't lose any valuables. Phew! *kisses bank PIN* On the other hand, it's going to be a pain in the @$# to add all of my friends back.

 

I did search for my name on some well-known cheat sites but could find no mention of anyone bragging about "hacking" me, so I'm not sure why I was picked as a target. When I first got "hacked" in April 2003, I was fairly well known at that time because I was only the 40th person to get level 99 cooking. But since level 99 skills are very common these days, I don't think it was my stats that made me a target. However, I do have the distinction of being one of the first 2000 players to sign up, as well as a former player moderator. From what I've seen, these are considered valuable targets for account thieves.

 

My password was alphanumeric and had 11 characters, so I think it would have been very hard to guess. But then again, RuneScape passwords aren't that secure because they aren't case-sensitive and no longer support punctuation. HijackThis found no suspicious programs, and my recent virus scans had come up clean, so it couldn't have been a keylogger.

 

So I guess the "hacker" had guessed my password recovery answers. Admittedly, one of them could be found on my Wikipedia page, and two others weren't that hard to guess. I mean, just because I never explicitly told people what my favorite vacation spot was doesn't mean people couldn't deduce it from reading my blog, etc. Gotta love social engineering.

 

Incidentally, my AIM account also got hacked about two weeks ago, although I'm not sure if it had anything to do with this.

 

Lessons learned:

 

1. Don't set security questions whose answers can be easily deduced, even if they are not mentioned explicitly.

2. Similarly, when posting blog entries, etc., make sure that you don't accidentally answer a security question.

 

That having been said, was there anything else I could have done to prevent this?

 

I also have two other questions:

 

1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?

2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.

 

ARENAscape:

 

Baratus [AS] max hit: 166 with Moon Battle Hammer

ixfd64 [AS] max hit: 116 with (untitled spell #2)

Link to comment
Share on other sites

I also have two other questions:

 

1. If I recover my account using the "stolen" option (as opposed to forgetting my password), will this automatically flag my account for investigation?

2. I know that Jagex does not give back stolen items. However, will they restore my friends list? I don't think I can recall all 100 names off the top of my head.

From what you've said I don't see what you've done wrong (if anything at all), but to help avoid being hacked, ensuring your login username is unknown may be useful. This can be done by changing your name twice, or once and wait for the "last known as" to disappear (new accounts have mail addresses as a login). Ooh, and since you were close to your pin cancellation time, get a 7 day delay instead of 3 (if you don't already have that). ;)

 

Obviously recovery questions should be memorable, but no-one should be able to guess them. If you want a tip, asking about very personal things may be a solution i.e. things you have told no-one (possibly a question about a past password or childhood memories?).

 

To answer the other two questions, I believe that checking the "stolen" option gives your query priority with regard to being reviewed. It's possible Jagex looks at other things too, but I don't know if or what exactly they would do.

 

It's also doubtful they'll restore your friends list, unfortunately, but I imagine the people you can't remember will pm you if you keep it at "on" mode?

Tip.It Website Crew Leader

[hide=Quotes]

I love it how Jafje comes outa nowhere and answers my questions

Hehe now we know what real life does...drugs, drugs, more drugs. Thank god we are addicted to something that won't kill us.

[/hide]

Link to comment
Share on other sites

No, Jagex can't restore your friends list. You'll either have to remember or just forget about it.

 

You didn't learn these lessons from Sarah Palin's little deal? Where some kid hacked her government email by guessing her recoveries?

 

Just a good thing you had a PIN. Better safe than sorry.

PM me for fitocracy invite

Link to comment
Share on other sites

You have a Wikipedia page? :mellow:

 

If you've got information about yourself online, it might not be a bad idea to set random passwords or letters or something as the answers to your recovery questions, instead of actual information. Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

Link to comment
Share on other sites

Pardon this blunt expression, but............... DDDDAAAAMMMMMNNNNNNIIIIITTTTT!!! :angry:

 

Well, this explains why I was showing as not on your friends list when I last checked your chat channel like yesterday or the day before, and definitely prior to some jerk changing your channel's name. Good thing I came back to Tip.It Forums, or I would never have seen something like this to alert me to what happened. Sorry to hear this happened to you, though. :(

 

However, I'm glad to hear you got your account back from the jerk(s) that stole it from you. If you want to get in touch, I've been bouncing between RuneScape and FunOrb's "Steel Sentinels" off and on. So feel free to add me back on and send a private chat message. I'll look forward to hearing from you, that's for sure. :)

 

~Mr. D. V. "Unholy Ouch! Glad to hear you got control back!" Devnull

 

 

(p.s.: One of my F2P stats fell below 2,000,000th place, so my combat's reading low. That should be showing as Cb Lvl 85 in my siggy...)

 

(p.p.s.: I don't believe this... I don't have you added to my buddy list on TIF as well? Adding now!)

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites

Write them down or save them onto your computer, then you can have them but they'll be difficult to guess.

It's a bad idea to save any kind of password/sensitive information on your computer.

Write them down if you must, but it's best if you can just remember them.


Link to comment
Share on other sites

I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

 

He asked a lot of questions about recovery questions in a way that you wouldn't think that you answered recovery questions, they are really clever. So be alert!

My lame drops:
6 Effigys
1 D Med - 1 D Dagger
1 Verac's Helmet - 1 Guthan's Platebody

Link to comment
Share on other sites

I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

Don't let random people add you on facebook. xD

Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?

 

Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions.

That excludes family and real life friends too.


Link to comment
Share on other sites

I recently changed all my recovery questions because some idiot from Germany added me on facebook and tried to social engineer me ;o

Don't let random people add you on facebook. xD

Seriously though, some of those "kids" care too much... Why put in so much effort to "hack" someone?

 

Anyhow, if you can, try making it so only you know/can guess the answers to your recovery questions.

That excludes family and real life friends too.

 

He acted like he knew me, faked ID, so be careful out there!


Link to comment
Share on other sites

Jagex should allow for "unresettable" (apart from manual Jagex intervention) bank PINs. If you go on holiday/take a break from RS, your bank PIN is now worth nothing!

First they came to fishing

and I didn't speak out because I wasn't fishing

 

Then they came to the yews

and I didn't speak out because I didn't cut yews

 

Then they came for the ores

and I didn't speak out because I didn't collect ores

 

Then they came for me

and there was no one left to speak out for me.

Link to comment
Share on other sites

Thanks for the suggestions, Jaffy1.

 

However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks.

 

I know that some IM users will block/delete unfamiliar people on their buddy list, so I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

 

You have a Wikipedia page? :mellow:

 

User page, not article. I'm not that famous! :lol:


Link to comment
Share on other sites

Thanks for the suggestions, Jaffy1.

 

However, the downside of changing display names is that it may confuse friends, especially those who haven't played in a long time. For example, I've often had to ask friends who have changed their display names to identify themselves after coming back from long breaks.

 

I know that some IM users will block/delete unfamiliar people on their buddy list. I'd imagine that the same goes for RuneScape. Personally, I do not do this, but I obviously can't say the same for my friends.

You're welcome. :D

In the case of friends confusion, changing it once will do the trick.

If they recall your old username they can still enter your clan chat (it will take them to yours even after you've lost the "last known as" icon).

 

Hope that helps.


Link to comment
Share on other sites

My recovery questions are something along the lines of

"what is on the empty action figured box in the computer room"

"how many usb ports does my old computer have"

"which number seat do i sit in class spell"

and "how many windows to the right"

 

Really

Lesse. I've never, ever taken a picture of that part of the room

Nor of my old computer.. but I think I've said it. But it isn't one of my questions

Only the people at my school know this. I added spell because "3" isn't a valid answer

Last one, you need to see my house to know that ^^

 

 

 

Don't make them "generic" questions. What is my mother's maiden name is too generic. Same pet, first teacher, favorite food. All generic.

Runescape player since 2005
Ego Sum Deus Quo Malum Caligo et Barathum


 

Link to comment
Share on other sites

My recovery questions are something along the lines of

"what is on the empty action figured box in the computer room"

"how many usb ports does my old computer have"

"which number seat do i sit in class spell"

and "how many windows to the right"

 

Really

Lesse. I've never, ever taken a picture of that part of the room

Nor of my old computer.. but I think I've said it. But it isn't one of my questions

Only the people at my school know this. I added spell because "3" isn't a valid answer

Last one, you need to see my house to know that ^^

 

 

 

Don't make them "generic" questions. What is my mother's maiden name is too generic. Same pet, first teacher, favorite food. All generic.

 

That's simple, you just don't actually answer the question but answer another question.

Link to comment
Share on other sites

Do you tell people on the street that you're a Wikipedia admin? I wish I could tell people that at parties.

 

dw, tell them about your 3000 tipit posts and 91 rc instead

'Rock Hard' boss pure - 60/60 Attack | 99/99 Range | 1/1 Defence | 44/44 Prayer | 99/99 Strength | 99/99 Mage - level 79 combat EOC

 

## '07 Server ## "Best Runescape update ever: Removing 6 years of updates."

 

 

"Warning: If you are reading this then this warning is for you. Every word you read of this useless fine print is another second off your life. Don't you have other things to do? Is your life so empty that you honestly can't think of a better way to spend these moments? Or are you so impressed with authority that you give respect and credence to all that claim it? Do you read everything you're supposed to read? Do you think every thing you're supposed to think? Buy what you're told to want? Get out of your apartment. Meet a member of the opposite sex. Stop the excessive shopping and masturbation. Quit your job. Start a fight. Prove you're alive. If you don't claim your humanity you will become a statistic. You have been warned- Tyler"

Link to comment
Share on other sites
