Just recently hacked and I need some advice

[Goldenjkered]

I havn't played runescape in over a year, but I got an email today stating that I had new loyalty bonuses. I thought this was very weird, because I havn't been a member for ages. I tried to log onto my account to see that my password was wrong, so that's when it started to click that I may have been hacked. I reset my password using my email, and logged in to find that the hacker had literally hacked me today, and taken all that I was wearing from me (Bandos, Fury, Whip etc). However they didn't get into my bank, they had requested a bank pin cancellation, but obviously I have got onto my account and changed the password literally hours after the damage had been done. They only took what I was wearing (havn't played in ages but it must of been 50 mil+ worth), but as I said I literally do not play anymore so I don't really care. What I am worried about are my things like my accounts for other games, and my bank account details. The hacker seems to have put one month of subscription on my account using their own financial resources, as I tried to cancel any membership they had going but there only seems to be one month on there. Any advice on what to do? I am in the process of changing my email password, just wondering if theres anything else I should do.

[The Observer]

Did you visit the RS homepage, or at least what looked like the RS homepage, through the email?

[Goldenjkered]

No no, it was an actual email from Jagex stating that I had new loyalty points to spend (I assume because the hacker had just put membership on). I didn't open the email, my account was hacked some other way. I'm assuming using some kind of hacking software, because I havn't played RS in a year like I said, and I havn't touched any emails or anything of the like for that length of time either. My password was also a very strong password, and I have kept that password for the seven years that I used to play and I wasn't hacked once.

[The Observer]

Did you use that password on any other sites?

 

Honestly, I believe they recovered it because if you didn't login to your RS account like you claim, you weren't able to login to submit your login information to the perpetrators at all. Your best bet would be to recover your account and change your passwords/recovery questions. If you use Gmail, I'd recommend using two step verification.

[Goldenjkered]

I've changed my password and my recovery questions, but it says the questions will be updated in 2 weeks and until then the previous recoverys will be used which is kind of stupid.

[Randox]

You were probably hijacked via an account recovery. That is the norm for accounts that are lost that haven't played in a while, since there wouldn't be any way to get the information by keylogger or phishing. Accounts that don't play in a while seem to be easier to recover as well, probably because they figure that you forogt your pass. I think just logging in like once a week for a minute would be enough to make it harder for someone else to recover you, since it establishes that you know your pass, and it establishes where your playing from.

[The Observer]

Might be worth it to post on this sticky on the RSOF as well:

 

[qfc]275-276-10-62906860[/qfc]

[Goldenjkered]

How exactly would they recover it? Using my recovery questions?

[The Observer]

How exactly would they recover it? Using my recovery questions?

 

Tip.it's forum database was stolen not too long ago after the site was compromised by hackers. This included hashed passwords, IP addresses as well as emails used for registration. They could've gotten your account one of two ways:

if you used the same password on Tip it as you did on Runescape, or they could've used the IP address to help recover your account. There are other possible ways of course, but considering you've been a member of the community for so long, it's definitely a possibility.

[Aten]

Revealing too much personal information about yourself on any public forum/medium could make you a highly vulnerable account recovery victim. You won't even realize it until the hijacking occurs.

[Lose No Hope]

Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about.

[pulli23]

Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about.

then why use recoveries at all? - Why not just use a password?

 

If they can crack a random number of letters & signs once, they can do it multiple times too.

[pal2002]

Account recoveries are sent to a real person (or hopefully they still are) so even if they got your recovery answers the jmod should still need to approve it. Hacking your password directly is prob much more likely.

 

Change your rs pass literally to something that is not used anywhere else, and doing a good malware/keylog scan are the obvious things.