Goldenjkered Posted January 3, 2012 Share Posted January 3, 2012 I havn't played runescape in over a year, but I got an email today stating that I had new loyalty bonuses. I thought this was very weird, because I havn't been a member for ages. I tried to log onto my account to see that my password was wrong, so that's when it started to click that I may have been hacked. I reset my password using my email, and logged in to find that the hacker had literally hacked me today, and taken all that I was wearing from me (Bandos, Fury, Whip etc). However they didn't get into my bank, they had requested a bank pin cancellation, but obviously I have got onto my account and changed the password literally hours after the damage had been done. They only took what I was wearing (havn't played in ages but it must of been 50 mil+ worth), but as I said I literally do not play anymore so I don't really care. What I am worried about are my things like my accounts for other games, and my bank account details. The hacker seems to have put one month of subscription on my account using their own financial resources, as I tried to cancel any membership they had going but there only seems to be one month on there. Any advice on what to do? I am in the process of changing my email password, just wondering if theres anything else I should do. Whips: 3 Dragon Boots: 15 My 99's: Attack & Cooking Youtube Channel: http://www.youtube.com/user/Goldenjkered Link to comment Share on other sites More sharing options...
The Observer Posted January 3, 2012 Share Posted January 3, 2012 Did you visit the RS homepage, or at least what looked like the RS homepage, through the email? Link to comment Share on other sites More sharing options...
Goldenjkered Posted January 3, 2012 Author Share Posted January 3, 2012 No no, it was an actual email from Jagex stating that I had new loyalty points to spend (I assume because the hacker had just put membership on). I didn't open the email, my account was hacked some other way. I'm assuming using some kind of hacking software, because I havn't played RS in a year like I said, and I havn't touched any emails or anything of the like for that length of time either. My password was also a very strong password, and I have kept that password for the seven years that I used to play and I wasn't hacked once. Whips: 3 Dragon Boots: 15 My 99's: Attack & Cooking Youtube Channel: http://www.youtube.com/user/Goldenjkered Link to comment Share on other sites More sharing options...
The Observer Posted January 3, 2012 Share Posted January 3, 2012 Did you use that password on any other sites? Honestly, I believe they recovered it because if you didn't login to your RS account like you claim, you weren't able to login to submit your login information to the perpetrators at all. Your best bet would be to recover your account and change your passwords/recovery questions. If you use Gmail, I'd recommend using two step verification. Link to comment Share on other sites More sharing options...
Goldenjkered Posted January 3, 2012 Author Share Posted January 3, 2012 I've changed my password and my recovery questions, but it says the questions will be updated in 2 weeks and until then the previous recoverys will be used which is kind of stupid. Whips: 3 Dragon Boots: 15 My 99's: Attack & Cooking Youtube Channel: http://www.youtube.com/user/Goldenjkered Link to comment Share on other sites More sharing options...
Randox Posted January 3, 2012 Share Posted January 3, 2012 You were probably hijacked via an account recovery. That is the norm for accounts that are lost that haven't played in a while, since there wouldn't be any way to get the information by keylogger or phishing. Accounts that don't play in a while seem to be easier to recover as well, probably because they figure that you forogt your pass. I think just logging in like once a week for a minute would be enough to make it harder for someone else to recover you, since it establishes that you know your pass, and it establishes where your playing from. Link to comment Share on other sites More sharing options...
The Observer Posted January 3, 2012 Share Posted January 3, 2012 Might be worth it to post on this sticky on the RSOF as well: [qfc]275-276-10-62906860[/qfc] Link to comment Share on other sites More sharing options...
Goldenjkered Posted January 3, 2012 Author Share Posted January 3, 2012 How exactly would they recover it? Using my recovery questions? Whips: 3 Dragon Boots: 15 My 99's: Attack & Cooking Youtube Channel: http://www.youtube.com/user/Goldenjkered Link to comment Share on other sites More sharing options...
The Observer Posted January 3, 2012 Share Posted January 3, 2012 How exactly would they recover it? Using my recovery questions? Tip.it's forum database was stolen not too long ago after the site was compromised by hackers. This included hashed passwords, IP addresses as well as emails used for registration. They could've gotten your account one of two ways:if you used the same password on Tip it as you did on Runescape, or they could've used the IP address to help recover your account. There are other possible ways of course, but considering you've been a member of the community for so long, it's definitely a possibility. Link to comment Share on other sites More sharing options...
Aten Posted January 3, 2012 Share Posted January 3, 2012 Revealing too much personal information about yourself on any public forum/medium could make you a highly vulnerable account recovery victim. You won't even realize it until the hijacking occurs. Follow my road to 5.6/Gold Reaper/True Trim - DAT BLOG Link to comment Share on other sites More sharing options...
Lose No Hope Posted January 3, 2012 Share Posted January 3, 2012 Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about. [hide]unbinding green's kidneys for ltk's heartdo you farm guam like me sir ltk[/hide] Link to comment Share on other sites More sharing options...
pulli23 Posted January 5, 2012 Share Posted January 5, 2012 Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about.then why use recoveries at all? - Why not just use a password? If they can crack a random number of letters & signs once, they can do it multiple times too. First they came to fishingand I didn't speak out because I wasn't fishing Then they came to the yewsand I didn't speak out because I didn't cut yews Then they came for the oresand I didn't speak out because I didn't collect ores Then they came for meand there was no one left to speak out for me. Link to comment Share on other sites More sharing options...
pal2002 Posted January 5, 2012 Share Posted January 5, 2012 Account recoveries are sent to a real person (or hopefully they still are) so even if they got your recovery answers the jmod should still need to approve it. Hacking your password directly is prob much more likely. Change your rs pass literally to something that is not used anywhere else, and doing a good malware/keylog scan are the obvious things. I would prefer even to fail with honor than to win by cheating - Sophocles Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now