Jump to content

Anyone hacked lately?


@Dan3HitU

Recommended Posts

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

 

From those, they have possible previous passwords and IP. Which also gives them knowledge to your exact location.

 

Creation date of your account was leaked when you posted it on a thread here not long ago.

 

Given those information, some research and social engineering is all they need.

Sigh, "quotation needed" here.. Those things are just rambling without knowlenge:

 

anyone can see anyones IP adress: if you see my avatar you get an image from my server, and I see your IP adress.

First they came to fishing

and I didn't speak out because I wasn't fishing

 

Then they came to the yews

and I didn't speak out because I didn't cut yews

 

Then they came for the ores

and I didn't speak out because I didn't collect ores

 

Then they came for me

and there was no one left to speak out for me.

Link to comment
Share on other sites

  • Replies 141
  • Created
  • Last Reply

Top Posters In This Topic

I can back up Plasma that Damage Inc's database was hacked. Giving out the source would be questionable around here.

 

EDIT: Here's a safe link, from another fansite. Goes back to March.

 

http://forums.zybez.net/topic/1491806-damage-incorporated-forums-warning/

Prepare to Die! Path of Exile RPG

 

1emk2e.png

"Think where man's glory most begins and ends, and say my glory was I had such friends." Yeats

Link to comment
Share on other sites

I've been hacked twice but both of the times have been 100% my fault for being an idiot. Though neither resulted in any real losses (first one was my first account, level 67, and the second was my current account this year and I got everything off it plus recovered it).

 

I have a lot of time & respect for people that realise & admit it was there own fault when they are hacked, it's only very very rare cases that someone who has been hacked without putting a finger wrong, a case I've never actually seen with a RuneScape account.

 

Personally, all hacked accounts could have avoided if the account owner had proper security practices in place. You've either, downloaded something, clicked a doggy link, not had adequate protection in place or not done the required upkeep on your software.

 

Using the internet is like driving a car, if your alert & put proper practices into place you can avoid accidents, but yes there is the possibility of an accident you can't control unless your Dade Murphy.

 

With RuneScape though I doubt anyone with the power & knowledge to hack even the most secure of computers is going to waste & risk there time on a trivial account.

 

The people that are trying to steal accounts are using crude/ recycled ways that will not affect a person that properly secures themselves.

 

(before I get flamed: these are my own views & opinions)

Link to comment
Share on other sites

Nah I didn't hack anyone lately.

Nice one langer lol :P

 

I did get hacked a while ago because I did use my girlfriends computer and the paid virus scan (on yearly base yeah) didn't find the trojan, then after a few tries we tried an other virus scan and it saw the trojan... Had no bank pin set then, luckily he didn't knew how much tree seeds and clue rewards are worth... Got all my stuff back though from an old friend who doesn't play anymore.

http://sign.tip.it/1/2/79/260/essiw.png

Retired item crew

I would like to be credited as essiw at the website update & corrections forum. Thanks!

Link to comment
Share on other sites

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

Our database hasn't been leaked

RIP Michaelangelopolous

u can control my tip it account, but youll never control how fine i am!

This is by FAR my favorite song:

 

I love N_odie and would never edit his posts! I love Rainy_Day too <3 And also Cowman_133. <33 Oh, and Laikrob is a going to hunt me down and kill me like a pest kangaroo if I reveal how awesome she is. I owe tripsis skittles. DarkDude feels like he's missing out. This is my siggy! - n_odie Rainy_Day MINE! - n_odie Rainy_Day And meol shouldn't feel left out. Oh, and Y_Guy is a noob awesome

 

Link to comment
Share on other sites

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

Our database hasn't been leaked

 

Maybe not recently....

Like 6 years ago? :P

RIP Michaelangelopolous

u can control my tip it account, but youll never control how fine i am!

This is by FAR my favorite song:

 

I love N_odie and would never edit his posts! I love Rainy_Day too <3 And also Cowman_133. <33 Oh, and Laikrob is a going to hunt me down and kill me like a pest kangaroo if I reveal how awesome she is. I owe tripsis skittles. DarkDude feels like he's missing out. This is my siggy! - n_odie Rainy_Day MINE! - n_odie Rainy_Day And meol shouldn't feel left out. Oh, and Y_Guy is a noob awesome

 

Link to comment
Share on other sites

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

Our database hasn't been leaked

 

Maybe not recently....

Like 6 years ago? :P

And as people should be changing their passwords regularly and using different passwords for different sites then it shouldn't be an issue any more.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

As been said, getting someone's IP is fairly simple to do(However associating an IP with a runescape account could be more difficult, although I could think of a few ways to do it).

I really doubt Jagex would unlock someones account based on only IP. If the person had access to previous passwords, that would be another step in the right direction, however I have had to recover my account before, and with all accurate information, except bank card details, it took me many attempts to get my account. I can only imagine how long it would take without accurate information.

w4M8t.png
Link to comment
Share on other sites

I've heard of this type of hacking. Basically there is a group of hackers that only target inactive accounts. Over months they will attempt to gain as much personal information about the account as they can. They may even attempt to hack your email account if they know it (to see if you have emails from Jagex that contain your past transactions - so delete those if you have not and store them somewhere on your computer/usb/external etc). They'll attempt to recover many times though fail, but at some point they will finally have a successful attempt.

 

Now as to why they only do this to inactive accounts? Because of bank pins. An active player will come to the realization their account has been compromised within a day or two after it actually happens. They'll re-recover the account, and cancel the bank pin cancellation request. From that point it's useless for the hacker to keep trying because all it will result in is an account lock, and the account will go back to the rightful owner anyway.

 

They go after players they know are loaded, or suspect to be loaded. They'll take your items, and sell them in the black market. To them a successful hack could be worth thousands, if not over $100,000 (as in the case of Chessy018).

 

I find it extremely stupid that Jagex does not notify you of a recovery attempt via in-game or maybe even via email/text (for inactive players). At least in that case you could completely prevent a successful hacking (and stealing of items) if the hacker actually manages to get on your account.

FairTraders.net (Merchant Guides + Grand Exchange Update Notifier)

Get FREE Grand Exchange updates through the website, by email, or through your mobile device!

 

ftsig.png

Link to comment
Share on other sites

Been "keylogged" once and have had my account recovered once.

About 2 years ago i stopped playing for a good 10 months. Account was as secure as could be but when i came back ~10months later i found my account had been quite active while i was gone. Few levels had been raised, my bank dropped from ~1.2b to 30m. The person that recovered my account had been pking a lot, without success i should add.

Not long after that i got keylogged somehow. No idea how but i used wiki quite often back then so i might have picked up something from that. Virus scan didnt stop it nor detect it. I had to manually look for it in my task manager.

 

Friend of mine also got keylogged about 2 or 3 days ago. He might have been to some dodgy sites, i'll never know. He got cleaned, basically. Virus scan didn't stop nor detect any threats either. Had to download and run malwarebytes before anything was detected. Sad days.

Link to comment
Share on other sites

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

 

From those, they have possible previous passwords and IP. Which also gives them knowledge to your exact location.

 

Creation date of your account was leaked when you posted it on a thread here not long ago.

 

Given those information, some research and social engineering is all they need.

 

You sir have pretty much summed it all up, 3hitu if you have been registered on other runescape forums (even tip.it in some cases) hackers could have access to private info like email, isp, previous passwords...e.t.c

 

Also the fact that you are a fairly FAMOUS player and also INACTIVE and also! Wealthy makes you and obvious target.

Quite unfortunate tbh :/

Link to comment
Share on other sites

Hackers have access to Damage Inc.'s databases. They have Tip.It's database too.

Our database hasn't been leaked

 

Some hackers may have admin access on tip.it, believe it or not idc.

I assure you that no one other than Tip.It admins have access to our ACP. If someone else were to access it, we would know. We are extra careful about this and have multiple layers of security in place to prevent it from happening.

Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Link to comment
Share on other sites

No one has access to the Tip.it Admin CP unless they are in this usergroup. I assure you, every admin login and failed log in is logged with the IP address and the timestamp. This is from experience from my own clan boards which uses identical board software.

 

Additionally, there are many many layers of security which I'm sure have been put in place.

 

The only database that has been hacked recently has been Damage Inc's. If you registered on there and used the same password that you used for RuneScape, or even an old password, they could have recovered it with additional information by doing a bit of research.

 

There has been a lot of hacking incidents recently. Just try extra hard to keep your account secure and you should be fine. Remember that the email you have registered must also be secure. I personally use Gmail because my old hotmail account was hacked due to an insecure password, but again, just from personal experience.

 

This is just an example of the many ways you could have had your account accessed. You could have also been keylogged so that's the thing you need to check first.

j0xPu5R.png

Link to comment
Share on other sites

Jagex hands out accounts like they are nothing these days. It's very easy to recover an inactive account, look at all the top players that have been recovered recently. Jagex doesn't care at all, if you get just 1 or 2 questions right then the account is yours.

L2pullout.png
Link to comment
Share on other sites

Besides: the whole password system is encrypted: even admins can't see your password. What is it with all those stupidity here of people who don't know what they are talking about making false claims?

First they came to fishing

and I didn't speak out because I wasn't fishing

 

Then they came to the yews

and I didn't speak out because I didn't cut yews

 

Then they came for the ores

and I didn't speak out because I didn't collect ores

 

Then they came for me

and there was no one left to speak out for me.

Link to comment
Share on other sites

A lot of it is from people recovering accounts. Various groups hack websites and get their databases (fansites and forums are big targets specifically older ones). Someone got a hold of an older version of tip.its database. Also they go around the runescape classic forum on here and pick out names (because most likely the don't still play). If you are on damage incorporated they got hacked i think the beginning out august and their database was up for sale not too long ago. Also even when the passwords are encrypted if you have an semi easy password there are ways of "decrypting it" or at least having a website go through combos of passwords such as md5 and you can just search it on there http://www.md5decrypter.co.uk/.

 

Some bad language but you can see he has tip.its database

 

[hide]

meili.png

[/hide]

 

 

And anyone who spends 5 minutes on pastebin can find loads of userbase dumps for rs accounts. All of this info people post about themselves is just helpful for people trying to steal their account. The most valuable parts being the creation date(all the hacking sites have links to tip.its threads where you post when you started playing) and first password(which is usually easy to guess because most people who played back then had an easy password, or even search the 100 most used passwords).

jpegsigtest.jpg
Link to comment
Share on other sites

A lot of it is from people recovering accounts. Various groups hack websites and get their databases (fansites and forums are big targets specifically older ones). Someone got a hold of an older version of tip.its database. Also they go around the runescape classic forum on here and pick out names (because most likely the don't still play). If you are on damage incorporated they got hacked i think the beginning out august and their database was up for sale not too long ago. Also even when the passwords are encrypted if you have an semi easy password there are ways of "decrypting it" or at least having a website go through combos of passwords such as md5 and you can just search it on there http://www.md5decrypter.co.uk/.

 

Some bad language but you can see he has tip.its database

 

[hide]

meili.png

[/hide]

 

And anyone who spends 5 minutes on pastebin can find loads of userbase dumps for rs accounts. All of this info people post about themselves is just helpful for people trying to steal their account. The most valuable parts being the creation date(all the hacking sites have links to tip.its threads where you post when you started playing) and first password(which is usually easy to guess because most people who played back then had an easy password, or even search the 100 most used passwords).

 

Wow lol I wrote basically your post like 2 times , and both times some mod deleted it. YES. PoorLepRecon WAS Social Engineered , he was a Supermod at the time , basically everyone from 2004-2005 was dumped User/ip/email they didn't inform there members on tip.it though. ^^ Though that is just 1 of the incidents they haven't reported to there members.

Link to comment
Share on other sites

Moderators have been compromised in the past. It's not something that we're proud of but it's incredibly difficult to ensure that ~50 peoples' accounts are constantly secure. We always stay alert to monitor account activity so that we can be on top of things and take action if necessary. The admins are constantly working hard to improve our security to ensure that everyone's information remains private and safe. We have put out several security announcements on both the forum and main site, instructing people on how to best protect their accounts by beefing up their own security, using separate e-mails, etc. We do the best we can but at the end of the day, it's also up to the individuals to take certain measures to protect themselves.

Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.