pulli23 Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. From those, they have possible previous passwords and IP. Which also gives them knowledge to your exact location. Creation date of your account was leaked when you posted it on a thread here not long ago. Given those information, some research and social engineering is all they need.Sigh, "quotation needed" here.. Those things are just rambling without knowlenge: anyone can see anyones IP adress: if you see my avatar you get an image from my server, and I see your IP adress. First they came to fishingand I didn't speak out because I wasn't fishing Then they came to the yewsand I didn't speak out because I didn't cut yews Then they came for the oresand I didn't speak out because I didn't collect ores Then they came for meand there was no one left to speak out for me. Link to comment Share on other sites More sharing options...
BioIce Posted September 9, 2011 Share Posted September 9, 2011 I can back up Plasma that Damage Inc's database was hacked. Giving out the source would be questionable around here. EDIT: Here's a safe link, from another fansite. Goes back to March. http://forums.zybez.net/topic/1491806-damage-incorporated-forums-warning/ Prepare to Die! Path of Exile RPG "Think where man's glory most begins and ends, and say my glory was I had such friends." Yeats Link to comment Share on other sites More sharing options...
RoswellCrash Posted September 9, 2011 Share Posted September 9, 2011 I've been hacked twice but both of the times have been 100% my fault for being an idiot. Though neither resulted in any real losses (first one was my first account, level 67, and the second was my current account this year and I got everything off it plus recovered it). I have a lot of time & respect for people that realise & admit it was there own fault when they are hacked, it's only very very rare cases that someone who has been hacked without putting a finger wrong, a case I've never actually seen with a RuneScape account. Personally, all hacked accounts could have avoided if the account owner had proper security practices in place. You've either, downloaded something, clicked a doggy link, not had adequate protection in place or not done the required upkeep on your software. Using the internet is like driving a car, if your alert & put proper practices into place you can avoid accidents, but yes there is the possibility of an accident you can't control unless your Dade Murphy. With RuneScape though I doubt anyone with the power & knowledge to hack even the most secure of computers is going to waste & risk there time on a trivial account. The people that are trying to steal accounts are using crude/ recycled ways that will not affect a person that properly secures themselves. (before I get flamed: these are my own views & opinions) - Twitter | RuneScape FB Group | My PC Link to comment Share on other sites More sharing options...
langer Posted September 9, 2011 Share Posted September 9, 2011 Nah I didn't hack anyone lately. Follow the progress of top players and my weekly updates here: 200M in all SkillsLatest Milestones Chart update : page 602Latest top 15 update : page 6026 slowest skills chart : page 563 Link to comment Share on other sites More sharing options...
essiw Posted September 9, 2011 Share Posted September 9, 2011 Nah I didn't hack anyone lately.Nice one langer lol :P I did get hacked a while ago because I did use my girlfriends computer and the paid virus scan (on yearly base yeah) didn't find the trojan, then after a few tries we tried an other virus scan and it saw the trojan... Had no bank pin set then, luckily he didn't knew how much tree seeds and clue rewards are worth... Got all my stuff back though from an old friend who doesn't play anymore. http://sign.tip.it/1/2/79/260/essiw.png Retired item crew I would like to be credited as essiw at the website update & corrections forum. Thanks! Link to comment Share on other sites More sharing options...
jimmy_jim Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked RIP Michaelangelopolousu can control my tip it account, but youll never control how fine i am!This is by FAR my favorite song: I love N_odie and would never edit his posts! I love Rainy_Day too <3 And also Cowman_133. <33 Oh, and Laikrob is a going to hunt me down and kill me like a pest kangaroo if I reveal how awesome she is. I owe tripsis skittles. DarkDude feels like he's missing out. This is my siggy! - n_odie Rainy_Day MINE! - n_odie Rainy_Day And meol shouldn't feel left out. Oh, and Y_Guy is a noob awesome Link to comment Share on other sites More sharing options...
Heisenberg Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked Maybe not recently.... Link to comment Share on other sites More sharing options...
jimmy_jim Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked Maybe not recently....Like 6 years ago? :P RIP Michaelangelopolousu can control my tip it account, but youll never control how fine i am!This is by FAR my favorite song: I love N_odie and would never edit his posts! I love Rainy_Day too <3 And also Cowman_133. <33 Oh, and Laikrob is a going to hunt me down and kill me like a pest kangaroo if I reveal how awesome she is. I owe tripsis skittles. DarkDude feels like he's missing out. This is my siggy! - n_odie Rainy_Day MINE! - n_odie Rainy_Day And meol shouldn't feel left out. Oh, and Y_Guy is a noob awesome Link to comment Share on other sites More sharing options...
Mercifull Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked Maybe not recently....Like 6 years ago? :PAnd as people should be changing their passwords regularly and using different passwords for different sites then it shouldn't be an issue any more. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
n64jive Posted September 9, 2011 Share Posted September 9, 2011 As been said, getting someone's IP is fairly simple to do(However associating an IP with a runescape account could be more difficult, although I could think of a few ways to do it).I really doubt Jagex would unlock someones account based on only IP. If the person had access to previous passwords, that would be another step in the right direction, however I have had to recover my account before, and with all accurate information, except bank card details, it took me many attempts to get my account. I can only imagine how long it would take without accurate information. Link to comment Share on other sites More sharing options...
Unb34t4bl3 Posted September 9, 2011 Share Posted September 9, 2011 I've heard of this type of hacking. Basically there is a group of hackers that only target inactive accounts. Over months they will attempt to gain as much personal information about the account as they can. They may even attempt to hack your email account if they know it (to see if you have emails from Jagex that contain your past transactions - so delete those if you have not and store them somewhere on your computer/usb/external etc). They'll attempt to recover many times though fail, but at some point they will finally have a successful attempt. Now as to why they only do this to inactive accounts? Because of bank pins. An active player will come to the realization their account has been compromised within a day or two after it actually happens. They'll re-recover the account, and cancel the bank pin cancellation request. From that point it's useless for the hacker to keep trying because all it will result in is an account lock, and the account will go back to the rightful owner anyway. They go after players they know are loaded, or suspect to be loaded. They'll take your items, and sell them in the black market. To them a successful hack could be worth thousands, if not over $100,000 (as in the case of Chessy018). I find it extremely stupid that Jagex does not notify you of a recovery attempt via in-game or maybe even via email/text (for inactive players). At least in that case you could completely prevent a successful hacking (and stealing of items) if the hacker actually manages to get on your account. FairTraders.net (Merchant Guides + Grand Exchange Update Notifier)Get FREE Grand Exchange updates through the website, by email, or through your mobile device! Link to comment Share on other sites More sharing options...
Noxx Posted September 9, 2011 Share Posted September 9, 2011 Been "keylogged" once and have had my account recovered once.About 2 years ago i stopped playing for a good 10 months. Account was as secure as could be but when i came back ~10months later i found my account had been quite active while i was gone. Few levels had been raised, my bank dropped from ~1.2b to 30m. The person that recovered my account had been pking a lot, without success i should add.Not long after that i got keylogged somehow. No idea how but i used wiki quite often back then so i might have picked up something from that. Virus scan didnt stop it nor detect it. I had to manually look for it in my task manager. Friend of mine also got keylogged about 2 or 3 days ago. He might have been to some dodgy sites, i'll never know. He got cleaned, basically. Virus scan didn't stop nor detect any threats either. Had to download and run malwarebytes before anything was detected. Sad days. Link to comment Share on other sites More sharing options...
rudes7 Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. From those, they have possible previous passwords and IP. Which also gives them knowledge to your exact location. Creation date of your account was leaked when you posted it on a thread here not long ago. Given those information, some research and social engineering is all they need. You sir have pretty much summed it all up, 3hitu if you have been registered on other runescape forums (even tip.it in some cases) hackers could have access to private info like email, isp, previous passwords...e.t.c Also the fact that you are a fairly FAMOUS player and also INACTIVE and also! Wealthy makes you and obvious target.Quite unfortunate tbh :/ Link to comment Share on other sites More sharing options...
rudes7 Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked Some hackers may have admin access on tip.it, believe it or not idc. Link to comment Share on other sites More sharing options...
tripsis Posted September 9, 2011 Share Posted September 9, 2011 Hackers have access to Damage Inc.'s databases. They have Tip.It's database too. Our database hasn't been leaked Some hackers may have admin access on tip.it, believe it or not idc.I assure you that no one other than Tip.It admins have access to our ACP. If someone else were to access it, we would know. We are extra careful about this and have multiple layers of security in place to prevent it from happening. - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
Jmmy Posted September 9, 2011 Share Posted September 9, 2011 LOLEveryone who gets hacked always says the same stuff... Protip _ stop watching those videos Link to comment Share on other sites More sharing options...
The Observer Posted September 9, 2011 Share Posted September 9, 2011 No one has access to the Tip.it Admin CP unless they are in this usergroup. I assure you, every admin login and failed log in is logged with the IP address and the timestamp. This is from experience from my own clan boards which uses identical board software. Additionally, there are many many layers of security which I'm sure have been put in place. The only database that has been hacked recently has been Damage Inc's. If you registered on there and used the same password that you used for RuneScape, or even an old password, they could have recovered it with additional information by doing a bit of research. There has been a lot of hacking incidents recently. Just try extra hard to keep your account secure and you should be fine. Remember that the email you have registered must also be secure. I personally use Gmail because my old hotmail account was hacked due to an insecure password, but again, just from personal experience. This is just an example of the many ways you could have had your account accessed. You could have also been keylogged so that's the thing you need to check first. Link to comment Share on other sites More sharing options...
L2Pullout Posted September 9, 2011 Share Posted September 9, 2011 Jagex hands out accounts like they are nothing these days. It's very easy to recover an inactive account, look at all the top players that have been recovered recently. Jagex doesn't care at all, if you get just 1 or 2 questions right then the account is yours. Link to comment Share on other sites More sharing options...
4nr Posted September 9, 2011 Share Posted September 9, 2011 It's because the appeal system is automated for the most part, so an actual person most likely never ever sees it. Link to comment Share on other sites More sharing options...
jasignhagj Posted September 9, 2011 Share Posted September 9, 2011 I went in a couple months ago and changed all my recovs to random strings of text which I have saved on an encrypted memory stick I keep hidden in my room. Having anything even remotely guessable is asking for trouble. Link to comment Share on other sites More sharing options...
pulli23 Posted September 9, 2011 Share Posted September 9, 2011 Besides: the whole password system is encrypted: even admins can't see your password. What is it with all those stupidity here of people who don't know what they are talking about making false claims? First they came to fishingand I didn't speak out because I wasn't fishing Then they came to the yewsand I didn't speak out because I didn't cut yews Then they came for the oresand I didn't speak out because I didn't collect ores Then they came for meand there was no one left to speak out for me. Link to comment Share on other sites More sharing options...
SixFootOne Posted September 9, 2011 Share Posted September 9, 2011 A lot of it is from people recovering accounts. Various groups hack websites and get their databases (fansites and forums are big targets specifically older ones). Someone got a hold of an older version of tip.its database. Also they go around the runescape classic forum on here and pick out names (because most likely the don't still play). If you are on damage incorporated they got hacked i think the beginning out august and their database was up for sale not too long ago. Also even when the passwords are encrypted if you have an semi easy password there are ways of "decrypting it" or at least having a website go through combos of passwords such as md5 and you can just search it on there http://www.md5decrypter.co.uk/. Some bad language but you can see he has tip.its database [hide][/hide] And anyone who spends 5 minutes on pastebin can find loads of userbase dumps for rs accounts. All of this info people post about themselves is just helpful for people trying to steal their account. The most valuable parts being the creation date(all the hacking sites have links to tip.its threads where you post when you started playing) and first password(which is usually easy to guess because most people who played back then had an easy password, or even search the 100 most used passwords). Link to comment Share on other sites More sharing options...
Defil3d Posted September 10, 2011 Share Posted September 10, 2011 A lot of it is from people recovering accounts. Various groups hack websites and get their databases (fansites and forums are big targets specifically older ones). Someone got a hold of an older version of tip.its database. Also they go around the runescape classic forum on here and pick out names (because most likely the don't still play). If you are on damage incorporated they got hacked i think the beginning out august and their database was up for sale not too long ago. Also even when the passwords are encrypted if you have an semi easy password there are ways of "decrypting it" or at least having a website go through combos of passwords such as md5 and you can just search it on there http://www.md5decrypter.co.uk/. Some bad language but you can see he has tip.its database [hide][/hide] And anyone who spends 5 minutes on pastebin can find loads of userbase dumps for rs accounts. All of this info people post about themselves is just helpful for people trying to steal their account. The most valuable parts being the creation date(all the hacking sites have links to tip.its threads where you post when you started playing) and first password(which is usually easy to guess because most people who played back then had an easy password, or even search the 100 most used passwords). Wow lol I wrote basically your post like 2 times , and both times some mod deleted it. YES. PoorLepRecon WAS Social Engineered , he was a Supermod at the time , basically everyone from 2004-2005 was dumped User/ip/email they didn't inform there members on tip.it though. ^^ Though that is just 1 of the incidents they haven't reported to there members. Link to comment Share on other sites More sharing options...
tripsis Posted September 10, 2011 Share Posted September 10, 2011 Moderators have been compromised in the past. It's not something that we're proud of but it's incredibly difficult to ensure that ~50 peoples' accounts are constantly secure. We always stay alert to monitor account activity so that we can be on top of things and take action if necessary. The admins are constantly working hard to improve our security to ensure that everyone's information remains private and safe. We have put out several security announcements on both the forum and main site, instructing people on how to best protect their accounts by beefing up their own security, using separate e-mails, etc. We do the best we can but at the end of the day, it's also up to the individuals to take certain measures to protect themselves. - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
meister14 Posted September 10, 2011 Share Posted September 10, 2011 Speaking of hackings... has anyone seen a response from chessy018 about her account being hacked? Donate to S_U__O__M_I !!!!!!!!!!!!! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now