Jump to content

Jagex mod got hacked


_YB_
 Share

Recommended Posts

Some hackers found out that there was someone registered with a @jagex.com email on the RuneHQ forums. They decrypted the password ( because all forums are using encryption methods to keep their passwords save). And found out that it was the same password as the runescape account Mod Kelvin. Few minuts after the discover it got wildly leaked and mass people logged in on it.

This is the info that got mass leaked ( removed the password & IP):

 

Mod Edit: Removed personal information.

 

Gif image that I just took:

8ozBa.gif

 

what are your thoughts on it that even a j-mod uses the same password for forums and their ingame account.

Edited by Kimberly
Removed for Rule 1.7 - Volunteering Personal Information
Link to comment
Share on other sites

  • Replies 86
  • Created
  • Last Reply

Top Posters In This Topic

Until someone provides me with video proof of them playing on the account, I will call this one fake.

If you logged in you got force logged out the reason that happened I think was because you can only log in from the office.

Link to comment
Share on other sites

I could have sworn the actual mod accounts were restricted from being used anywhere but the Jagex offices, for this exact reason.

 

That's what I thought too because of an incident many years before THIS.

Link to comment
Share on other sites

Yeah im sure mod accounts are instant locked anywhere outside of Jagex HQ, or at least that's what Jagex says.

It took them 8 hours to lock the account.

Soo then is there a video of the ensuing chaos?

Read my previous post you got instantly logged out when you tried to log in.

Link to comment
Share on other sites

Yeah im sure mod accounts are instant locked anywhere outside of Jagex HQ, or at least that's what Jagex says.

It took them 8 hours to lock the account.

Soo then is there a video of the ensuing chaos?

Read my previous post you got instantly logged out when you tried to log in.

But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere.

 

f2punitedfcbanner_zpsf83da077.png

THE place for all free players to connect, hang out and talk about how awesome it is to be F2P.

So, Kaida is the real version of every fictional science-badass? That explains a lot, actually...

Link to comment
Share on other sites

Eh, so the JMOD was a bit foolish for using the same password at another place thats runescape related. But if their inbuilt security blocked anything from happening, whats the big problem?

safersbanner.png

Play Safe! smile.gif - Got useful information for the tip.it website? Post here!

Link to comment
Share on other sites

Eh, so the JMOD was a bit foolish for using the same password at another place thats runescape related. But if their inbuilt security blocked anything from happening, whats the big problem?

I think it's the fact that it appears some of their own don't take the same strict precautions of protecting their account, regardless of built-in security measures, as many of us have learned to do over the years and what Jagex themselves have recommended as well. And if it really did take that long for that account to get locked, then Jagex needs to reexamine the security of such accounts, even if it is just a case of stupidly using the same password in another location.

Link to comment
Share on other sites

They have like 300 mods and we know a lot of Jagex mods aren't the brightest so it was bound to happen eventually. As far as I can tell this guy was head of community management, which explains why he was on a fan site. It also explains his lack of security because he probably doesn't know better. I wouldn't be surprised if he doesn't even play RS lol.

L2pullout.png
Link to comment
Share on other sites

Eh, so the JMOD was a bit foolish for using the same password at another place thats runescape related. But if their inbuilt security blocked anything from happening, whats the big problem?

This.

That is assuming that this is real to begin with. There's a lot to suggest that it isn't.

Link to comment
Share on other sites

You can't log into a jagex acc anywhere aside from jagex hq

 

You would see blue phats buying at 1gp ea from mass spawing if someone managed it (I know they cant directly trade but remember the rotten potato? Sure its possible to get by that restriction somehow if you could)

 

edit: futher proof - just try entering mod kelvin into username/pass, obvious fake is obvious

Check it out, huge amount of effort has gone into this massive mod!

ODG6e0M.png

[hide=old sig]

newsig.png

[/hide]

Link to comment
Share on other sites

[hide]

Yeah im sure mod accounts are instant locked anywhere outside of Jagex HQ, or at least that's what Jagex says.

It took them 8 hours to lock the account.

Soo then is there a video of the ensuing chaos?

[/hide]

Read my previous post you got instantly logged out when you tried to log in.

But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere.

 

This. You said it took them eight hours to lock the account, then you said you got logged out when you tried to log in. Which is it? And if it's the first case, there must be video or even photos,so where are those?

Edited by ForsakenMage
Shrinking the quote blocks

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites

The fault here is entirely on the jagex mod

 

 

Definitely. I know it's too late now, but it'd be interesting to see the consequences had the perpetrators been able to login to the account. Get some real [cabbage] started :P

inb4rollback

 

I did a Google search for "Mod Kelvin hacked" and the only result that came up was this one. I searched for "Jagex Mod hacked" and this thread came up, but the other results were junk. I'm calling shenanigans.

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites

[hide]

Yeah im sure mod accounts are instant locked anywhere outside of Jagex HQ, or at least that's what Jagex says.

It took them 8 hours to lock the account.

Soo then is there a video of the ensuing chaos?

Read my previous post you got instantly logged out when you tried to log in.

[/hide]

But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere.

 

This. You said it took them eight hours to lock the account, then you said you got logged out when you tried to log in. Which is it? And if it's the first case, there must be video or even photos,so where are those?

You couldn't even get in the lobby or get on the forums, when you tried to log in on the homepage it said Login Successful but then nothing happened. You couldn't do anything but its just about the fact that even their own mods make mistakes about their choice of passwords. The only thing that they changed now is that you get a locked account message when you try to log in (took them 8 hours to lock it).

 

Mod Edit: Removed personal information.

 

imagine if it was found out on the day of RuneFest and someone logged in on it.... (Jagex mods can log in there).

Edited by ForsakenMage
Removed for Rule 1.7 - Volunteering Personal Information
Link to comment
Share on other sites

[hide]

Yeah im sure mod accounts are instant locked anywhere outside of Jagex HQ, or at least that's what Jagex says.

It took them 8 hours to lock the account.

Soo then is there a video of the ensuing chaos?

Read my previous post you got instantly logged out when you tried to log in.

But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere.

[/hide]

 

This. You said it took them eight hours to lock the account, then you said you got logged out when you tried to log in. Which is it? And if it's the first case, there must be video or even photos,so where are those?

You couldn't even get in the lobby or get on the forums, when you tried to log in on the homepage it said Login Successful but then nothing happened. You couldn't do anything but its just about the fact that even their own mods make mistakes about their choice of passwords. The only thing that they changed now is that you get a locked account message when you try to log in (took them 8 hours to lock it).

 

Mod Edit: Removed personal information

 

imagine if it was found out on the day of RuneFest and someone logged in on it.... (Jagex mods can log in there).

 

I'd be hard-pressed to believe that Jagex didn't at least change the password, after what was technically a major security breach (even if due to mod failure). But okay, if that's what the password is, I'll try logging in. >.> I'll doubt it'll work though, just saying. :P

Edited by ForsakenMage
Shrinking the quote blocks

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites

You couldn't even get in the lobby or get on the forums, when you tried to log in on the homepage it said Login Successful but then nothing happened. You couldn't do anything but its just about the fact that even their own mods make mistakes about their choice of passwords. The only thing that they changed now is that you get a locked account message when you try to log in (took them 8 hours to lock it).

 

Mod Edit: Removed personal information

 

imagine if it was found out on the day of RuneFest and someone logged in on it.... (Jagex mods can log in there).

Then what's the point? He used his work account password on a site, when it's impossible for anyone to use that account outside of his office? It's less a mistake and more confidence in the security system (Which worked).

 

All the evidence we have that this even happened is your word and a low quality gif. If it took 8 hours to lock the account, we'd have heard about it hours ago. Somebody would have leaked it, especially since access to a jmod account is the average 'Scaper's wet dream.

 

It's the kind of thing that Tip.Iters would instantly believe, since everyone here seems convinced that Jagex requires all employees to have a double digit IQ. Remember the "Dungeoneering can't be botted" thing?

Link to comment
Share on other sites

To anyone who's interested, the password does in fact work, but like missingno said, the failure to breach past the point of lock-out is a sign of foresight in light of Jagex incompetence. I got the same result (locked-out) when I tried to log-in. So the account has technically been breached in that the correct password was retrieved, but no actual harm was done to it thanks to their security. As far as the "logging in and causing chaos" scenario though, that's [cabbage], don't worry about it.

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself. And about the RuneHQ DB it got leaked on many rule-breaking sites.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.