Jump to content
Sign in to follow this  
cocacolabottle

Someone keeps using and locking my account

Recommended Posts

Hey Tip.it,

 

I've been playing Runescape on and off since '04 and I've been a member of these forums since '05. Up to a month ago, I had never been hacked or anything similar as I've always been a player who respects the rules and doesn't try to download bogus runescape add-ons and such.

 

Last month however, I wanted to log in and I noticed my password had been changed. At this point, I have to confess that I never bothered to set any recovery questions as I thought my information was safe. This may have been one of the more stupid things I've done in my playing. Anyway, I resetted my password, changed it, set recoveries and I finally got access to my account again. I noticed it had been completely cleaned of my lifetime earnings (not extremely much, but still something like 80M coins in total) and my character was standing in Canifis holding all the 20 effigies I had collected while doing slayer.

 

Up to today, I hadn't had any problems. That is, until I tried to log into this new account that I made a few weeks ago and I got a message saying the account was locked. Furthermore, my recovery questions had also been deleted. At this point, I should also mention that during the last few months, my Hotmail password has also been mysteriously changed once. So now I'm guessing that, since the 'hacker' got access to both accounts, he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

I've obviously just changed my Hotmail password again to be sure and installed all the latest Windows updates to make sure my virus scanner is fuctioning correctly. But is there anything else I can do? I hate that I've lost all my earnings and I'm now left with about 100K on my level 135 account.. It sucks that shit like this happens.


99 Slayer since August 2007.

Share this post


Link to post
Share on other sites
he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

Wrong.

 

Tip.it got hacked. It's databases with ip-s, passwords and emails got leaked all over the internet.

Now if your tip.it's password matches your previous RuneScape password, it can easily be used to recover your account.

 

 

I've been playing Runescape on and off since '04

Not a smart thing to tell on public forums as the account creation date is one of the things needed when recovering an account.

Edited by Kaur

Share this post


Link to post
Share on other sites
he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

Wrong.

 

Let me tell you a story tip.it admins try to hide/cover up.

Tip.it got hacked. It's databases with ip-s, passwords and emails got leaked all over the internet.

Now if your tip.it's password matches your previous RuneScape password, it can easily be used to recover your account.

 

Wow.. Not what I was expecting. This definitely answers my question, thanks for the reply!


99 Slayer since August 2007.

Share this post


Link to post
Share on other sites
he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

Wrong.

 

Let me tell you a story tip.it admins try to hide/cover up.

Tip.it got hacked. It's databases with ip-s, passwords and emails got leaked all over the internet.

Now if your tip.it's password matches your previous RuneScape password, it can easily be used to recover your account.

 

 

I've been playing Runescape on and off since '04

Not a smart thing to tell on public forums as the account creation date is one of the things needed when recovering an account.

No.

 

Nobody is trying to hide anything, tip.it did get hacked. After the hack we were all told to change our passwords to all accounts that shared the same password as our TIF account. And way to be dramatic, `leaked all over the internet`, if it has been leaked all over, you should have no problem producing a link. Besides how did you jump to the conclusion that the OP got hacked because TIF got hacked.

 

Also you need the approximate date of when the account was created to recover it, saying that you have been playing since `04 will not get you the account.

Share this post


Link to post
Share on other sites
he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

Wrong.

 

Let me tell you a story tip.it admins try to hide/cover up.

Tip.it got hacked. It's databases with ip-s, passwords and emails got leaked all over the internet.

Now if your tip.it's password matches your previous RuneScape password, it can easily be used to recover your account.

 

 

I've been playing Runescape on and off since '04

Not a smart thing to tell on public forums as the account creation date is one of the things needed when recovering an account.

No.

 

Nobody is trying to hide anything, tip.it did get hacked. After the hack we were all told to change our passwords to all accounts that shared the same password as our TIF account. And way to be dramatic, `leaked all over the internet`, if it has been leaked all over, you should have no problem producing a link. Besides how did you jump to the conclusion that the OP got hacked because TIF got hacked.

 

Yeah no-one is trying to hide anything; after the hacking all forum accounts got 'locked' and required password reset to access and admins reasserted major warnings that you should not use same password for any two things and if your forum password had matched rs or anything else to change them asap.

 

And it certainly did not got leaked all over the internet, yes the hackers got the data and it has been used (people getting junk mail and stuff) but it certainly hasn't shown up on mass 'all over the internet.'


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

No.

 

Nobody is trying to hide anything, tip.it did get hacked. After the hack we were all told to change our passwords to all accounts that shared the same password as our TIF account. And way to be dramatic, `leaked all over the internet`, if it has been leaked all over, you should have no problem producing a link. Besides how did you jump to the conclusion that the OP got hacked because TIF got hacked.

 

Alright, maybe they are not hiding it but they are not doing anything to let people know about this either.

I would give you a link but this would lead to more hackings, would you seriously want that?

The conclusion - it's obvious. Smart people like cocacolabottle do not falll for phishers and keyloggers therefore there is only one option left - recovering.

Share this post


Link to post
Share on other sites

No passwords were leaked afaik, only the hashes. Which (I have been told, not very good with cryptography myself) probably means no accounts were actually compromised.


Supporter of Zaros | Quest Cape owner since 22 may 2010 | No skills below 99 | Total level 2595 | Completionist Cape owner since 17th June 2013 | Suggestions

99 summoning (18th June 2011, previously untrimmed) | 99 farming (14th July 2011) | 99 prayer (8th September 2011) | 99 constitution (10th September 2011) | 99 dungeoneering (15th November 2011)

99 ranged (28th November 2011) | 99 attack, 99 defence, 99 strength (11th December 2011) | 99 slayer (18th December 2011) | 99 magic (22nd December 2011) | 99 construction (16th March 2012)

99 herblore (22nd March 2012) | 99 firemaking (26th March 2012) | 99 cooking (2nd July 2012) | 99 runecrafting (12th March 2012) | 99 crafting (26th August 2012) | 99 agility (19th November 2012)

99 woodcutting (22nd November 2012) | 99 fletching (31st December 2012) | 99 thieving (3rd January 2013) | 99 hunter (11th January 2013) | 99 mining (21st January 2013) | 99 fishing (21st January 2013)

99 smithing (21st January 2013) | 120 dungeoneering (17th June 2013) | 99 divination (24th November 2013)

Tormented demon drops: twenty effigies, nine pairs of claws, two dragon armour slices and one elite clue | Dagannoth king drops: two dragon hatchets, two elite clues, one archer ring and one warrior ring

Glacor drops: four pairs of ragefire boots, one pair of steadfast boots, six effigies, two hundred lots of Armadyl shards, three elite clues | Nex split: Torva boots | Kalphite King split: off-hand drygore mace

30/30 Shattered Heart statues completed | 16/16 Court Cases completed | 25/25 Choc Chimp Ices delivered | 500/500 Vyrewatch burned | 584/584 tasks completed | 4000/4000 chompies hunted

Share this post


Link to post
Share on other sites

No.

 

Nobody is trying to hide anything, tip.it did get hacked. After the hack we were all told to change our passwords to all accounts that shared the same password as our TIF account. And way to be dramatic, `leaked all over the internet`, if it has been leaked all over, you should have no problem producing a link. Besides how did you jump to the conclusion that the OP got hacked because TIF got hacked.

 

Alright, maybe they are not hiding it but they are not doing anything to let people know about this either.

I would give you a link but this would lead to more hackings, would you seriously want that?

The conclusion - it's obvious. Smart people like cocacolabottle do not falll for phishers and keyloggers therefore there is only one option left - recovering.

 

 

There was a big notice left up about it for a month or two. What more do you expect them to do?

It happened like 4 months ago, they can't leave a notice up forever; the vast majority of active accounts saw the notice and dealt with reactivating forum accounts etc within a month or 2.


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

No passwords were leaked afaik, only the hashes. Which (I have been told, not very good with cryptography myself) probably means no accounts were actually compromised.

It's only a matter of minutes to turn the hash into the password.(unless your password looks like 6t¤#sdDFD45¤%sGSDSGD#%46sdSDg.s6)

Share this post


Link to post
Share on other sites

Kaur's creative accusations aside..

 

To answer the OPs question, everyone would be wise to remember not to use the same passwords on different sites. That includes mail accounts, forum accounts, RuneScape accounts, and whatever other accounts you may have.

 

If they had access to your hotmail account you should ensure it held no sensitive information. If it did, act accordingly.


ms_julie.png

jafjepediasig.jpg

 

 

angel2w.gif Tip.It Website Crew Leader

[hide=Quotes]

I love it how Jafje comes outa nowhere and answers my questions

Hehe now we know what real life does...drugs, drugs, more drugs. Thank god we are addicted to something that won't kill us.

[/hide]

Share this post


Link to post
Share on other sites

Kaur's creative accusations aside..

 

To answer the OPs question, everyone would be wise to remember not to use the same passwords on different sites. That includes mail accounts, forum accounts, RuneScape accounts, and whatever other accounts you may have.

 

If they had access to your hotmail account you should ensure it held no sensitive information. If it did, act accordingly.

Thanks, I do think I'm creative too :)))

 

However even if you are wise now(which 90% of people aren't), you most likely were not wise 8 years ago when you made your accounts and were 12 years old.

Share this post


Link to post
Share on other sites

However even if you are wise now(which 90% of people aren't), you most likely were not wise 8 years ago when you made your accounts and were 12 years old.

Well, I am very sorry to disappoint you there. I quite liked remembering my variations. :P

 

To add what was previously said, some "scammers" or "hackers" try to get recovery information out of players by befriending them and casually asking them for their recovery answers ("What's your favourite food?" and what have you). Therefore it is also recommended that when you set recovery questions, they cannot be guessed by others - not even the ones closest to you.

 

Using codes or "passwords" for unasked questions would be an example.


ms_julie.png

jafjepediasig.jpg

 

 

angel2w.gif Tip.It Website Crew Leader

[hide=Quotes]

I love it how Jafje comes outa nowhere and answers my questions

Hehe now we know what real life does...drugs, drugs, more drugs. Thank god we are addicted to something that won't kill us.

[/hide]

Share this post


Link to post
Share on other sites

Make your actual ingame passwords different from your forum passwords.

 

That being said myself, on several forums I use the same password, but for all games I play I use different passwords lol.

 

Get some better security on your computer, that's all I can add.


douvdFX.jpg


 


Blog


Trimmed | Master Quester | Final Boss


Boss pets: Bombi | Shrimpy | Ellie | Tz-Rek Jad | Karil the Bobbled | Mega Ducklings


120s: Dungeoneering | Invention

Share this post


Link to post
Share on other sites
he must have access to my Hotmail account. This is the only way he would be able to change my passwords, right?

 

Wrong.

 

Let me tell you a story tip.it admins try to hide/cover up.

Tip.it got hacked. It's databases with ip-s, passwords and emails got leaked all over the internet.

Now if your tip.it's password matches your previous RuneScape password, it can easily be used to recover your account.

Yeah the fact that we had a huge newspost about it shows we really tried to cover it up :P


Posted Image

 

- 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting -

- 99 runecrafting - 99 prayer - 125 combat - 95 farming -

- Blog - DeviantART - Book Reviews & Blog

Share this post


Link to post
Share on other sites

No.

 

Nobody is trying to hide anything, tip.it did get hacked. After the hack we were all told to change our passwords to all accounts that shared the same password as our TIF account. And way to be dramatic, `leaked all over the internet`, if it has been leaked all over, you should have no problem producing a link. Besides how did you jump to the conclusion that the OP got hacked because TIF got hacked.

 

Alright, maybe they are not hiding it but they are not doing anything to let people know about this either.

I would give you a link but this would lead to more hackings, would you seriously want that?

The conclusion - it's obvious. Smart people like cocacolabottle do not falll for phishers and keyloggers therefore there is only one option left - recovering.

Then perhaps you can do us all a favour and provide this link to the admins just so that they can warn users that some of their information is out there.

Share this post


Link to post
Share on other sites

Sorry, my bad Tripsis :mellow:

 

 

Then perhaps you can do us all a favour and provide this link to the admins just so that they can warn users that some of their information is out there.

Here, I have this list of the people affected:

http://forum.tip.it/members/

Share this post


Link to post
Share on other sites

Sorry, my bad Tripsis :mellow:

 

 

Then perhaps you can do us all a favour and provide this link to the admins just so that they can warn users that some of their information is out there.

Here, I have this list of the people affected:

http://forum.tip.it/members/

Not sure if a bad troll? My gut instincts are normally correct.

 

Anyway, yes we announced widely about the incident that happened to out forum database, people should never use the same password on RuneScape that they do on Tip.it.


( ͡° ͜ʖ ͡°)

RIP Michaelangelopolous

Share this post


Link to post
Share on other sites

Yeah not only did we have the news post we also had a forum post (which at the time linked to the site homepage which had said news post), as well as a big red banner on all the forum skins for months if you were logged out.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.