Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Hacked: A story of Ignorance

Featured Replies

My apologies if this is in the wrong section, I'm a nwecomer here.

 

I started off Runescape in 2004. I remember that clearly because the oldest seasonal toy I had was a yo-yo. Since then, I've progressed slowly, reaching level 90 in 2011. Throughout the 7 years, I have been on and of Runescape, finding myself too bored to both play it, and too bored with nothing to play. Finding Tip.it was partly due to luck, as I've had enough of stumbling around the basement during the Quest "Ernest the chicken".

 

Until the day I got hacked, which I have no idea when, I have had a enjoyable hack-free experience, not many problems except for a few accounts of spamming (I was young...). I regularly logged in to try out some new events, quests (I was a member) and skills. Yes, I am a very slow player. Show me a training ground and I would probably die of boredom in minutes. I find more fun in doing Quests and Tasks, both of which, personally, gives me more satisfaction than walking around and killing off, say a thousand green dragons or lesser demons.

 

Anyway, my account was relatively poor. I have a mere 2m gp in my bank, a couple of rune sets, and absolutely nothing of value. This is where I want to bring your attention to. I ahve absolutely no idea when did the hacking begin. When I last logged in, I was taking part the cryptic clues fest earlier this year. My account was still intact, and I logged off in the Jolly Boar inn. I've went on a mini-hiatus, regularly logging in to check on my account (perhaps once every 3 weeks? I have no idea). A warning came from Jagex to my email, asking me to clarify if I had been trying to sell my accound. I admit, I got a slight shock, but with all the spam mail I get from the internet everyday, I was wary that it was a hoax to get my password. So I simply went to check on my character. Still acting like a rock in the Jolly Boar inn. I breathed a sigh of relief. Nothing seemed off at that time. Since I was still on hiatus, I just logged off and forget about the whole incident. A few months later (I've lost track of time), yet another warning email came. I was indignant, just how many botters have got their hands on my email address? So I went back to log in, and decided to play Runescape again for a while.

 

Deciding to go dungeoneering for a bit, I made my way to a bank and proceed to take my ring. Something seemed off. EVERYTHING was intact as it should be, but the large stack of gold (to me) was missing from it's usual spot. Thinking I had misplaced it, I tried searching for it in vain. Nothing.

 

My bank is catagorised into sections, with commodity, runes, potions/food, F2P skills, Armors, "Fancy/Fun Armors", keys and P2P skills. In the commodity tab, my money was gone, but everything was left intact. When I checked my runes tab, all my runes were missing. The "Fancy Armor" section was untouched, but my Rune sets (platebody, platelegs, shield etc.) were pilfered. All that is left was a couple of Rune Daggers, some skilling equipment. In short, My account was simply robbed of all it's money and armor.

 

Well, the shock registered in my mind, but that little loss hardly accounts for anything. After all, my accound still belongs to me, I've done a full virus scan and changed my password. What disturbed me was the fact that the hackers made the effort to return back to the exact location my character was in before they begin their enjoyable task. This lulled me into a false sense of security, since all I do is to log in and check if my character is out of place. Perhaps I was foolish, gullible enough to believe that my account was imprevious to hacking. I mean, really, a level 90 character with a bank that is worth about 2.5m in all?

 

The absolute worse part is that I was ignorant of the hacking taking place. How could I have let my account literally get hacked right under my nose?

 

I apologise and thank you for your time if you have taken the time to read my rant (or story?). I wanted to share my experience, so that you, the reader, know to do much more than to merely check if your character has moved from his/her spot if you are on a hiatus.

 

I probably would continue playing Runescape, since 2.5m isn't much of a problem to scale (I still have my stuff, except for armor). Except that I would take yet another hiatus. Guess this was my wake up call. Once again, thank you for your time, See you during the Hhalloween event!

You have probably been "recovered" which means there is no need for keyloggers in your computer. Its enough that there is information about you in the interweb to pull off a successfull recovery. If your password (or any of the earliest passwords you've had) were too easy to guess, that made the recovery even easier.

 

Solution for this problem is that don't fill the Internets with your real life details and use a different password (which should NOT be "myname123" or "mynamemyage") in Runescape than you use in other sites. The worst mistake people do is to use the same password EVERYWHERE because it makes it so much easier to remember.

Neppgggg.png

Let's not get into a flaming war and keep this on topic please.

 

Sorry to hear about your hacking OP. It's almost never expected.

[hide]

unbinding green's kidneys for ltk's heart

do you farm guam like me sir ltk

[/hide]

You have probably been "recovered" which means there is no need for keyloggers in your computer. Its enough that there is information about you in the interweb to pull off a successfull recovery. If your password (or any of the earliest passwords you've had) were too easy to guess, that made the recovery even easier.

 

There are more ways to "recover" an account without putting sensitive information on your computer. The perpetrator could of instead been around the computer that has a history of the account's loggin and installed a software discreetly without

the owner knowing it was downloaded. The perp could of been an acquaintance or a friend of the hacked person. Second of all, he could of been phished out of his details but overlooked it. There are plenty of people who do stupid things on

the web but doesn't want to admit it in public. Seriously, who really wants to tell to everyone who's reading this thread, "Hey, i got hacked because "Jagex" sent me a false representation mail and i decided to check it out but it stole my password and everything instead."

Consider yourself very fortunate. Once the hacker had access to your account, nothing was stopping him from changing your password or completely compromising your account entirely. The fact that the hacker when through the effort to only remove your valuables and leave nothing out of place is strange, but understandable. They got what they wanted, and completely ruining your account would only be spiteful.

 

It would be akin to breaking into someone's house while they're out of town, stealing their valuables, and just before you make a clean getaway you turn back and burn the house to the ground. Let this be a lesson to you, though. The next hacker may not be so forgiving, so be sure to have a good password, recovery questions, and don't download so much porn open any shady e-mails as well as scan your computer regularly. Hackers are sneaky, but if you're careful they don't have a snowball's chance in hell to take your account.

trains2.png

[spoiler=I LOVE MY STATION]

 

01001001001001110110110100100000010101000111011101100101011011000111011001100101

00100000011000010110111001100100001000000111011101101000011000010111010000100000

0110100101110011001000000111010001101000011010010111001100111111

Sorry to hear for your loss.

 

I'll gladly give 2M and the value of whatever else they had stolen, let me know.

RIP Michaelangelopolous

Its funny when you think about it. These days, if you decide to take a break from RuneScape and return after a few weeks, you can't just cut yourself off like you used too do. Way back when, you were still able to log out, stay off RuneScape for weeks/months/years, return and find your account untouched and safe like you left it. Now however, if you decide to take a break, you need to log in at least every 3 or 7 days (depending on which setting your bank pin is), check to make sure your bank pin has not been canceled, then log off again.

I know it's only a game, and it's only pixels, but the time spend gathering those pixels are real. And yes, when you get hacked you do feel robbed.

 

 

Post like these just continue to prove how much MMO's go on to affect peoples lives.

 

Let's take for instance that I have a video game that I like to play. Let's say something happens, and the save data for the game becomes corrupt. I now have two options: I can start all over, or I can move on with my life. Most people would choose one or the other and not think twice about it. But for some reason, when someone is hacked in runescape, they feel the need to come onto the forums and make a long post about it.

 

I don't get it.

 

 

If your video game data becomes corrupt it's usually due to some factor beyond human control. So there's no feeling of betrayal. When someone, however, logs into an account you have been working on for god knows how long, takes the things you worked on getting and makes it their own, the feeling of betrayal is strong. In fact cyber theft is a crime in many countries now (i think). So i think an honest person getting hacked is worthy of a post.

 

 

I really think there should be a sticky for this though, if there isn't already.

I think the OP is being a little hard on himself about his state of "ignorance".

 

That said:

 

A warning came from Jagex to my email, asking me to clarify if I had been trying to sell my accound. I admit, I got a slight shock, but with all the spam mail I get from the internet everyday, I was wary that it was a hoax to get my password. So I simply went to check on my character. Still acting like a rock in the Jolly Boar inn. I breathed a sigh of relief. Nothing seemed off at that time. Since I was still on hiatus, I just logged off and forget about the whole incident. A few months later (I've lost track of time), yet another warning email came.

 

Did you click on any of the links in those emails? Jagex doesn't email you about your account. They will contact you in-game over the message centre instead.

 

If you clicked on the links provided in those emails, that is how they got your account.

 

In any event, to be an honest player and for someone to have gained access to one's character on here isn't an issue of ignorance, as much as it is a commentary on how ruthless these gold-miners have now become ...

 

:unsure:

nyuseg.png

I think the OP is being a little hard on himself about his state of "ignorance".

 

That said:

 

A warning came from Jagex to my email, asking me to clarify if I had been trying to sell my accound. I admit, I got a slight shock, but with all the spam mail I get from the internet everyday, I was wary that it was a hoax to get my password. So I simply went to check on my character. Still acting like a rock in the Jolly Boar inn. I breathed a sigh of relief. Nothing seemed off at that time. Since I was still on hiatus, I just logged off and forget about the whole incident. A few months later (I've lost track of time), yet another warning email came.

 

Did you click on any of the links in those emails? Jagex doesn't email you about your account. They will contact you in-game over the message centre instead.

 

If you clicked on the links provided in those emails, that is how they got your account.

 

In any event, to be an honest player and for someone to have gained access to one's character on here isn't an issue of ignorance, as much as it is a commentary on how ruthless these gold-miners have now become ...

 

:unsure:

I have been emailed about my account when I was recovering after it was hacked by jagex and (atleast I think) there was a link to the rs site in it to log into check my account. Maybe I'm remembering wrong but I think they did. :P

Slayer; it's just what I do.
Thanks Hugger 88 for the awesome siggy!

Click show if you want to see achievements.

TheKoolKandy.png
siggy3s.png
Achievments: Maxed/Comp'd 7th of August 2012. 120 Dungeoneering sometime early december 2011. 99 Slayer achieved October 22nd, 2010. 99 Prayer achieved September 99 18th 2010. Summoning achieved September 14th 2010. 99 Defence achieved May 8th 2010. 99 Constituton achieved April 24th 2010. 99 Attack achieved on January 29th 2010 at 8:00 PM. Questpoint Cape on August 30th 2009.99 Strength (11:47 P.M. August 17 2009).

Did you click on any of the links in those emails? Jagex doesn't email you about your account. They will contact you in-game over the message centre instead.

 

If you clicked on the links provided in those emails, that is how they got your account.

 

In any event, to be an honest player and for someone to have gained access to one's character on here isn't an issue of ignorance, as much as it is a commentary on how ruthless these gold-miners have now become ...

 

:unsure:

 

Yes they do. I've received legit e-mails on changing the registered e-mail of an account. I've also received several other confirmation e-mails, all legit.

They don't, however, send you mail with your blackmarks or "warnings".

crossed_body.png

You can recover your account without placing sensitive information on your computer.

You have probably been "recovered" which means there is no need for keyloggers in your computer. Its enough that there is information about you in the interweb to pull off a successfull recovery. If your password (or any of the earliest passwords you've had) were too easy to guess, that made the recovery even easier.

 

Solution for this problem is that don't fill the Internets with your real life details and use a different password (which should NOT be "myname123" or "mynamemyage") in Runescape than you use in other sites. The worst mistake people do is to use the same password EVERYWHERE because it makes it so much easier to remember.

No.. when you recover an account, the password changes.

Use a bank PIN

Rozanante.png

 

Rozanante.png

 

Still the proud owner of Quest Cape since 8th December 2007

All skills used to be 70 or higher. (Dang you Dungeoneering. Oh wait, it's not a skill...)

Drops: Whips 8, Black Mask 8, D/Skirt 1, D/Spear 1, D/Shield Left Half 1, D/Boots 12, G/Maul 4, Range Ammy 1, Hexcrest 1.

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.