Jump to content

Jagex mod got hacked

_YB_

By _YB_
in General Discussion

 Share

Recommended Posts

Sy_Accursed

Sy_Accursed

Posted
Posted

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself.

 

But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites
  • Replies 86
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

RU_Insane

RU_Insane

Posted
Posted

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

 

Yes, you can log-in to the account from Jagex HQ, but you get locked-out if you login anywhere else. This is what happened to me when I tried it. The .GIF animation posted in the OP is real, I've seen the same result myself.

 

The question is, if there's no news about this (and a Google search confirms this objection), what's the panic for? If it took eight hours for Jagex to lock the account, I agree, someone would have had video or at least a few screen-shots glorifying their spoils. So I think it's been established that the .GIF is authentic insofar as that's what you should expect when you attempt to login outside of Jagex HQ. What's totally false is the claims that go along with it, except for the claim that the password was decrypted from RuneHQ (otherwise, how did they get the password?)

 

And no, Sy_Accursed, the password does work. I got "Invalid username or password" when I tried to login with other passwords. I got "Your account has been locked" when I logged in with the password posted.

 

The password is authentic, the .GIF posted is authentic, the only thing stopping anyone from logging-in and causing panic is that you can't login from outside of Jagex HQ.

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites
_YB_

_YB_

Posted
  • Author
Posted

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself.

 

But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.

You get password wrong message if you use other password.

 

Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it.

Link to comment
Share on other sites
RU_Insane

RU_Insane

Posted
Posted (edited)

[hide]

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself.

[/hide]

 

But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.

You get password wrong message if you use other password.

 

Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it.

 

Ah, okay. So the perpetrators bruteforced to get the password. lol. I think it's sad that some of the JMods don't even follow their own procedures for account security. I mean, it doesn't matter in the end since the system prevents unauthorized logins. But really?

Edited by ForsakenMage
Shrinking the quote blocks

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites
Kthx

Kthx

Posted
Posted (edited)

[hide]

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself.

 

But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.

Nope. Type in something random (like "klajflsdjh4w") and you get the "this is an invalid account or pass word, nov 26 email change, etc." message. Type in [the password] and you get the "this account is locked" message [/hide]

 

Edit: put hide tags because it's already been mentioned trillions of times for easier reading management

Edited by Kimberly
Removed for Rule 1.7 - Volunteering Personal Information
Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted (edited)

[hide]

I find this all quite unlikely.

1) We know jmods accounts can only be logged into from jagex HQ

2) Theres no videos of it

3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten.

 

All there is, is this forum post with 1 gif animation that could easily be faked.

Look at the post above you I even posted the password in this thread so you can look it up yourself.

 

But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.

[/hide]

You get password wrong message if you use other password.

 

Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it.

 

MD5 is a one-way hash, not an encryption scheme. If the hash was unsalted (which isn't good in practice anyway), then a rainbow table could be used to match the hash with a phrase much faster than bruteforce.

 

Anyway.

 

JMods can only log in through the network that Jagex has. Unless you're on Jagex's internal network (like their VPN), knowing their login credentials is pretty useless.

Edited by ForsakenMage
Shrinking the quote blocks

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
Cheefoo

Cheefoo

Posted
Posted

Eh, so the JMOD was a bit foolish for using the same password at another place thats runescape related. But if their inbuilt security blocked anything from happening, whats the big problem?

 

Because Jagex is stupid boohoo fart fart stink lines

trains2.png

[spoiler=I LOVE MY STATION]

 

01001001001001110110110100100000010101000111011101100101011011000111011001100101

00100000011000010110111001100100001000000111011101101000011000010111010000100000

0110100101110011001000000111010001101000011010010111001100111111

Link to comment
Share on other sites
The Observer

The Observer

Posted
Posted

You cannot login to staff accounts outside of Jagex HQ or even recover them. If you try to recover it you get the message 'You cannot recover staff accounts.' It is a big problem for the staff member in question because he let his guard down, however, overall nothing happened because Jagex's security worked.

j0xPu5R.png

Link to comment
Share on other sites
Pirkka

Pirkka

Posted
Posted

The guy who knew the password should've traveled to Cambridge, hack their wi-fi and log-in there for massive lulz. Although hacking their wlan would be quite impossible, if their password isn't gaben.

Pirkka.png

40,919th person to access Turmoil. 21,559th person to access Overloads.

 

signatureteksti.png

 

 

Are there any hidden bonuses here?

 

No bonuses

 

Link to comment
Share on other sites
_YB_

_YB_

Posted
  • Author
Posted

... How would the OP know Jagex locked down the account after 8 hours?

To be honest I made a mistake it got leaked 20 hours ago made mistake with AM and PM. The original post of the leak on different forum got posted on 1:04AM GMT +1

Link to comment
Share on other sites
RU_Insane

RU_Insane

Posted
Posted

... How would the OP know Jagex locked down the account after 8 hours?

To be honest I made a mistake it got leaked 20 hours ago made mistake with AM and PM. The original post of the leak on different forum got posted on 1:04AM GMT +1

 

So Jagex locked the account after 20 hours? O_O

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites
The_Fray

The_Fray

Posted
Posted

I wish I had access to a JMod account, I would happily go and ban all the bots at my favourite haunts all across Runescape. Wouldn't make much of a difference as they would come back after a few hours but it would be still worth it to have a few bot free hours.

 

I know this isn't exactly on topic but there is so little to discuss in this thread.

Link to comment
Share on other sites
Krampell

Krampell

Posted
Posted

So let me get this straight.

A J-mod got his pass leaked, people tried it but a Jagex lock prevented them from using the account and it was locked 20 hours later.

They never got access to anything ingame with the account.

What's the big deal about that? It's the same deal as if someone got a hold of a admin account here on tif but not actually using it.

 

Also, are people certain that you can use ALL of the J-mod powers from any computer if there was no lock to begin with?

What if the tools were only accessable from Jagex HQ?

Either way a J-mod didn't think clearly and it bit him in the ass, but it lead to nothing, boring...

Link to comment
Share on other sites
RU_Insane

RU_Insane

Posted
Posted

I wish I had access to a JMod account, I would happily go and ban all the bots at my favourite haunts all across Runescape. Wouldn't make much of a difference as they would come back after a few hours but it would be still worth it to have a few bot free hours.

 

I know this isn't exactly on topic but there is so little to discuss in this thread.

 

I agree. Let the players ban bots. That'd help a bit, even for a while. ^_^

RIP RU_Insane. August 3rd, 2005 - November 11th, 2012.
RU_Insane.png

 

My Stats on Old School RuneScape: 

RU_Insane.png
O4zgH.png
Reform Customer Support
Check Out My Threads UNRoA.gif
 

Link to comment
Share on other sites
Tim

Tim

Posted
Posted

The guy who knew the password should've traveled to Cambridge, hack their wi-fi and log-in there for massive lulz. Although hacking their wlan would be quite impossible, if their password isn't gaben.

http://www.youtube.com/watch?v=B9rrS32ctQk

 

So apparently someone in Jagex had their Account password breached and all we have is this one GIF basically showing NOTHING and not a single video...

 

:|

Popoto.~<3

Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted

The only concern here is that runeHQ needs some plumming.

 

No, I don't think RuneHQ needs to find a place to put an air shaft. If it really is the case that RHQ's MD5 password table was compromised/leaked, they could do with a sweep of the server administrators.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
Piu

Piu

Posted
Posted

^ I remember that very well lol. Was 2006/2007 I believe?

zuzmo.png

collio.png

[hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide]

Never gonna give you up.[/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide]

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites
Pete Party

Pete Party

Posted
Posted

The only concern here is that runeHQ needs some plumming.

Lol, as if tip.it, zybez.net, and a [cabbage]ton of other sites aren't hacked.

 

That is the past and I think that is not what we are discussing here.

Right now (or yesterday) runehq was hacked and their password got decrypted by hackers, not on tip.it zybez.net or any other site. (according to op)

 

What is runehq's next move/what did they do to prevent this in the future.

Me and the wise old man go way back.... he was a foolish boy back then.

 

 

My crystal armour idea.

Link to comment
Share on other sites
The Observer

The Observer

Posted
Posted

The only concern here is that runeHQ needs some plumming.

Lol, as if tip.it, zybez.net, and a [cabbage]ton of other sites aren't hacked.

 

That is the past and I think that is not what we are discussing here.

Right now (or yesterday) runehq was hacked and their password got decrypted by hackers, not on tip.it zybez.net or any other site. (according to op)

 

What is runehq's next move/what did they do to prevent this in the future.

 

They completely wiped their database and started fresh so that there's no longer any old code that can be used to compromise the site.

j0xPu5R.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept