Jump to content
Sign in to follow this  
Goldenjkered

Just recently hacked and I need some advice

Recommended Posts

I havn't played runescape in over a year, but I got an email today stating that I had new loyalty bonuses. I thought this was very weird, because I havn't been a member for ages. I tried to log onto my account to see that my password was wrong, so that's when it started to click that I may have been hacked. I reset my password using my email, and logged in to find that the hacker had literally hacked me today, and taken all that I was wearing from me (Bandos, Fury, Whip etc). However they didn't get into my bank, they had requested a bank pin cancellation, but obviously I have got onto my account and changed the password literally hours after the damage had been done. They only took what I was wearing (havn't played in ages but it must of been 50 mil+ worth), but as I said I literally do not play anymore so I don't really care. What I am worried about are my things like my accounts for other games, and my bank account details. The hacker seems to have put one month of subscription on my account using their own financial resources, as I tried to cancel any membership they had going but there only seems to be one month on there. Any advice on what to do? I am in the process of changing my email password, just wondering if theres anything else I should do.


Goldenjkered.png

 

Whips: 3 Dragon Boots: 15

 

My 99's: Attack & Cooking

 

Youtube Channel: http://www.youtube.com/user/Goldenjkered

Share this post


Link to post
Share on other sites

Did you visit the RS homepage, or at least what looked like the RS homepage, through the email?


j0xPu5R.png

Share this post


Link to post
Share on other sites

No no, it was an actual email from Jagex stating that I had new loyalty points to spend (I assume because the hacker had just put membership on). I didn't open the email, my account was hacked some other way. I'm assuming using some kind of hacking software, because I havn't played RS in a year like I said, and I havn't touched any emails or anything of the like for that length of time either. My password was also a very strong password, and I have kept that password for the seven years that I used to play and I wasn't hacked once.


Goldenjkered.png

 

Whips: 3 Dragon Boots: 15

 

My 99's: Attack & Cooking

 

Youtube Channel: http://www.youtube.com/user/Goldenjkered

Share this post


Link to post
Share on other sites

Did you use that password on any other sites?

 

Honestly, I believe they recovered it because if you didn't login to your RS account like you claim, you weren't able to login to submit your login information to the perpetrators at all. Your best bet would be to recover your account and change your passwords/recovery questions. If you use Gmail, I'd recommend using two step verification.


j0xPu5R.png

Share this post


Link to post
Share on other sites

I've changed my password and my recovery questions, but it says the questions will be updated in 2 weeks and until then the previous recoverys will be used which is kind of stupid.


Goldenjkered.png

 

Whips: 3 Dragon Boots: 15

 

My 99's: Attack & Cooking

 

Youtube Channel: http://www.youtube.com/user/Goldenjkered

Share this post


Link to post
Share on other sites

You were probably hijacked via an account recovery. That is the norm for accounts that are lost that haven't played in a while, since there wouldn't be any way to get the information by keylogger or phishing. Accounts that don't play in a while seem to be easier to recover as well, probably because they figure that you forogt your pass. I think just logging in like once a week for a minute would be enough to make it harder for someone else to recover you, since it establishes that you know your pass, and it establishes where your playing from.

Share this post


Link to post
Share on other sites

Might be worth it to post on this sticky on the RSOF as well:

 

[qfc]275-276-10-62906860[/qfc]


j0xPu5R.png

Share this post


Link to post
Share on other sites

How exactly would they recover it? Using my recovery questions?

 

Tip.it's forum database was stolen not too long ago after the site was compromised by hackers. This included hashed passwords, IP addresses as well as emails used for registration. They could've gotten your account one of two ways:

if you used the same password on Tip it as you did on Runescape, or they could've used the IP address to help recover your account. There are other possible ways of course, but considering you've been a member of the community for so long, it's definitely a possibility.


j0xPu5R.png

Share this post


Link to post
Share on other sites

Revealing too much personal information about yourself on any public forum/medium could make you a highly vulnerable account recovery victim. You won't even realize it until the hijacking occurs.


Follow my road to IFB/5.4/MOA/True Trim - DAT BLOG

Share this post


Link to post
Share on other sites

Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about.


[hide]

unbinding green's kidneys for ltk's heart

do you farm guam like me sir ltk

[/hide]

Share this post


Link to post
Share on other sites

Which is why recoveries should be random letters and numbers with no meaning. Keep a copy written down and it's one less thing to worry about.

then why use recoveries at all? - Why not just use a password?

 

If they can crack a random number of letters & signs once, they can do it multiple times too.


First they came to fishing

and I didn't speak out because I wasn't fishing

 

Then they came to the yews

and I didn't speak out because I didn't cut yews

 

Then they came for the ores

and I didn't speak out because I didn't collect ores

 

Then they came for me

and there was no one left to speak out for me.

Share this post


Link to post
Share on other sites

Account recoveries are sent to a real person (or hopefully they still are) so even if they got your recovery answers the jmod should still need to approve it. Hacking your password directly is prob much more likely.

 

Change your rs pass literally to something that is not used anywhere else, and doing a good malware/keylog scan are the obvious things.


I would prefer even to fail with honor than to win by cheating - Sophocles

php1CLVGLAM.jpg

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.