Jump to content

Has anyone else been hacked after not playing for a while?


Puccioso

Recommended Posts

Ok so, I'm not really pissed or whatever, I've pretty much quit playing RS as I did before, since I have no time for it. But a couple days ago, when I decided to get back at it (to play very moderately uh xD) after about a year without logging in, I found it hacked in a rather weird way...I had all my items still, with the most precious ones being in my inventory, noted, and all my cash was gone. Same thing happened to a couple of friends of mine...

I can't figure it out...I'm sure my computer's clean from any malware, and anyway I haven't logged in for about a year, while it looks like it was hacked about 3-4 months ago. My password was changed but it took me no time to recover it, and since then I've had no more problems. Did this happen to any of you?

 

PS: Oh I also found myself with nothing equipped sitting at GE.

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

Honestly if just your cash was gone and none of your items, I would check your recent offenses. Sounds like Jagex may have caught you macroing. I am not saying it is what happened, but it sounds like when they were wiping the wealth from accounts.

Boredom.png
Link to comment
Share on other sites

I thought I'd been hacked after nine months of inactivity but after checking a few things and punching in a few sums, I can't possibly have been. All my cash was gone, but my items were still there, a lot of them could have been sold too, so it just didn't make sense that I'd been hacked. I think looking at my herblore level, I must have spent all my stuff on that, and put the rest of my cash in MTK before quitting.

 

There's probably a rational explanation. I have no macro offenses, proven or otherwise, against my account.

Link to comment
Share on other sites

Honestly if just your cash was gone and none of your items, I would check your recent offenses. Sounds like Jagex may have caught you macroing. I am not saying it is what happened, but it sounds like when they were wiping the wealth from accounts.

Nope, the only offense I have is back in 2009 when I was doing merchanting and downloaded a crappy auto typer that got me a 3 days ban :\

And furthermore when I logged in (after more than 1 year not playing), it said my last login had been 3 months earlier, can't remember exactly but I think it was from China?

 

I'm sure I didn't spend them either, also because I had not even 1 gp in my bank and I would've never spent all my cash on skills. Furthermore I found myself with nothing equipped and all my valuable items (about 150m of stuff) sitting in my inventory, noted :?

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

But then why did this happen to, like, two friends of mine? I even began to think of a Jagex conspiracy xD

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

I'm sure this has happened to me too. I stopped playing for almost a year, and I lost a few items and such. It can't be macroing, as I am a legit player - I've played for years. I was hoping my PC wasn't infected. I think it was hacked as apposed to anything else, though. I remember getting a strange message left in my notes from someone who got into my account.

 

I'm glad they have the new system in place now, though.

Link to comment
Share on other sites

There are people who "specialise" in trying to recover accounts from retired or inactive accounts. This coupled with the often woefully inexperienced customer support staff can often mean accounts can be lost to "hackers" with very minimal information. Information which could be gleaned from database thefts from fansites or even from social networking sites like Facebook or Twitter.

 

I too once had my account stolen when I was quit for a few years. Nowadays Jagex gives us some much more secure tools to keep safe so always take advantage of them and activate JAG for enhanced security.

  • Like 1

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

To a certain extent, I don't mind that situation. If that did happen, it's my fault for putting the information on Facebook in the first place and making the information available to the public, not Jagex's customer services team, and I accept the risk that if I quit and I'm not longer monitoring my account's activity, someone might try to take advantage of that. There has to be some level of personal responsibility, and now that we have JAG, if you fail to make use of it then you don't really deserve much sympathy.

  • Like 1
Link to comment
Share on other sites

In fact I don't mind it at all, as I've retired from Runescape anyway. I didn't know it was possible to recover an account with that minimal information tho, I feared someone managed to hack into the password database and was clever enough to hack just unused accounts :\ Meh, I'm being paranoid now.

Still that's pretty much weird, I don't use social networks and this the first time I join a fansite, I've always been very careful in keeping my account protected. I wonder how they could possibly steal informations to hack into my account... I suppose the old system was really flawed then (I don't even remember how password recovery worked before)

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

Sometimes people forget what they have put online and what questions they used. Years ago you may have put as one of your recovery questions something such as "Favourite album ". Now years later you might post on another forum thread such as The "Your favourite....?" game! what that was without realising the connection. For an inactive account this might be all the information required to eventually persuade Jagex they are you.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

Did you check your money pouch?

Yes. Took me a while to notice it, when I found it I thought for a second that I hadn't been hacked, but unfortunately it was as empty as it could be :(

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

I agree it sounds like someone botted on your account and Jagex wiped your money. At least you got the account back.

Impossible, I have no offences besides the one I got back in 2009. I think someone just managed to recover my account in the last year, but I don't get why he stole 80m cash and left me with more than 150m in items :\ Furthermore he left them all in my inventory.

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

Since they were in your inventory, I think they must have gotten interrupted before they had a chance to transfer them. Dunno why they didn't return and finish though.

  • Like 1

Silverfox30.png


If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.
^^^At least I'm not the only crazy one

Link to comment
Share on other sites

My previous (and as far as I am aware, my only) account compromise, it was probably as weird as it could be.

 

My cash pile were still there, in fact it grew LARGER, but some of the more 'valuable' items at the time (mostly collection items, such as approximately 8k Monkfish, about 6 Dragon Platelegs/Plateskirts, various other bits and pieces) were missing, I had assumed he GE'ed them for me.

 

IE, the hacker GE'ed some items in my bank, but left my cash pile in tact.

 

However, Trade limit was still in place back then, so I assume it was because of that. But it was a very weird hack situation.

tim_chenw2.png
6,924th to 30 hunting, 13,394th to 30 summoning, 52,993rd to 30 Divination

Kiln Record (Post-EoC): W 25 - L 0, 14 Uncut Onyx, 8 Jad hits received (Best record: Two in the same kiln)
Obby set renewed post update #2: 0

QBD drops: 21 crossbow parts, 3 Visages, 1 Kites, 2 Kits

Max Port Score [2205] Achieved: 27th April 2013 (World 2nd)

 

Farmyard Rampage ranking: 12th, 50,000 Kills.

 

Dragon Pickaxe Drops: 1 (Times after I first entered Battlefield: 2h)

Link to comment
Share on other sites

Yeah, it's most probably a situation of social engineering recovery.

I was hacked while I was inactive also. Although I did not get as lucky as you did. Unfortunately since the fansite databases have been compromised in the past, it is easy to recver a player if he or she was inexperienced enough to use some of the same details on a fansite that one used with RS account. That's what happened to me anyway.

purekilljoy.png

Link to comment
Share on other sites

Time to post something useful!

 

 

TL;DR: Accounts are never 100% safe, working customer service sucks, and I like 3.14.

 

Ok, so working as a customer service agent and supervisor for a major cellular telecommunications company in the technical support department and general customer service as well as having experience as a white-hat contracter, I learned a lot about ticket systems, customer personal information handling, and attitudes of both representatives and supervisors towards that data. This is something I have personally dealt with.

 

[spoiler=Story Time!]

 

One relevant example I can provide to this subject is the heavily modified (but real at the core) story of Mary Sue and her phone account recovery. Most details (names, locations, jobs, etc) have been changed to protect the customer this happened to as well as me for posting it (without breaking NDA).

 

Mary Sue was a successful business woman from New York City. She was an accountant in one part of a fortune 500 company. She had a husband and 3 kids. She was very good at managing her cell phone account on a regular basis. One day, Mary Sue received a temporary job assignment to Japan to start a foreign sector of the company. She would be over there for 6 months. She accepted the job and was eventually promoted to lead financial accountant for the corporation after an outstanding performance. When she returned, she found out her husband cheated on her, another woman named ShaNayNay was living with her husband in the house, and her husband sent the kids to private school for 6 more months in Sweden. After a very unhappy 2 months of going through divorce processes and getting her kids back, Mary Sue remembered about her cell phones so she decided to attempt to access her account only to find out it was under someone else's name. Mary Sue was feeling very unhappy.

 

When recovering the account Mary Sue provided the wonderful supervisor she spent an hour reaching, the aforementioned story, with her name, address, and secret question answer (which was the name of the dog). The kind supervisor followed procedure and restored the account under her name and disabled the active phones which would take effect on midnight EST the next day. The supervisor also provided the customer with a free phone voucher since she had been with us for 10 years.

 

One day later, the supervisor received an internal notice that a customer named Mary Sue had called in saying someone disabled her phones (when phones are disabled, the person can still reach customer service) and his name tag was on the log for who disabled the phones. It turned out that the person whom called in was in-fact Bob, someone who had doxed Mary Sue and obtained her dogs name from her facebook profile and knowing Mary Sue loved dogs, Bob figured that was her password. Bob also had a slightly feminine voice so with proper voice control, he pulled off a perfect female voice. Mary Sue was in fact away, but in the hospital for Chemotherapy for her Lung Cancer in Los Angles for 6 months, which was also on her facebook.

 

 

 

 

How the above story relates to Runescape is basically, as long as someone knows enough information about you or has infected you with malicious software, it is only a matter of time until they can access your Runescape account. Customer service agents and supervisors have protocols they have to follow in certain situations. In the story above, the supervisor was not at fault for giving access to the hijacker as the hijacker provided enough information to pass by as the actual owner. There is practically no way the supervisor could have known that the caller was the hijacker.

 

Now another note; Since the person in the story was away and did not log into the account for 6 months, it made the story provided by the hijacker even more realistic. Most people check access logs for stories like this. How this relates to Runescape is most players start playing before college and take a break during school for 3, 6, and even 12 months or more at a time. Also, people tend to move around, lose interest in playing, and take breaks. The longer you do not access your account, the easier it is for someone to hijack it. I am not saying that if you don't login for 6 months, someone will take your account. I am just saying that it will become easier to hack, even with JAG or any security measures in place.

 

With a game like Runescape, with JAG enabled, I can guarantee that if someone has your email, IP, and time, they can recover your account. The reason I added the criteria of time into play here is because it takes time to research the victim and obtain enough details about them. It takes time to develop a highly plausible story to send Jagex. It takes time to perform multiple attempts.

 

This has happened to me. During the fan sitehack wave about a year ago, the email I used with RuneScape was the same email I registered with a specific fan site, was obtained from the database. The passwords were totally different. All of my in-game passwords are a randomly generated string. After my email was obtained, it was only a matter of time until the hacker obtained the rest of the information from either database entries or logs from the fan site.

 

I blame Jagex for lack of common sense and detective skills. The IP address which last logged into my account was 10,000 miles from where I lived and was on a list of spamming and hacking IPs relating to both Minecraft, Runescape, and other games. I blamed them for making it too easy to recover accounts. I had an alternate account I never logged into since 2006. I legitimately forgot the password. Using a proxy, I submitted my real IP and information which was listed on an archived forum site from then provided a heartwarming story of why I haven't played in 6 years. Only 6 hours after the recovery request was submitted, I received an email saying it was successful. I know people make mistakes and stuff like this happens with Runescape or with other companies all the time. I have been on the other side and personally made that mistake of allowing a stranger access to someone else's account.

  • Like 2

wii_wheaton.png

[software Engineer] -

[Ability Bar Suggestion] - [Gaming Enthusiast]

Link to comment
Share on other sites

Wow, now this is very interesting. I guess some very useful information could be extracted from what you said, at least to make accounts a bit more protected. Still it's impressive how Jagex doesn't mind IPs when recovering accounts... Thinking about it it's not so unreasonable, as there could really be someone who moved thousands of miles from his home and decided to get back on Runescape, and I suppose it would be really hard for them to determine whether it's the truth, or just someone trying to steal an account. They can't deny all this kind of requests as that would prevent legit password recoveries, so they have to accept them all.

I must say, I've never looked at it this way.

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

This has happened to me. During the fan sitehack wave about a year ago, the email I used with RuneScape was the same email I registered with a specific fan site, was obtained from the database. The passwords were totally different. All of my in-game passwords are a randomly generated string. After my email was obtained, it was only a matter of time until the hacker obtained the rest of the information from either database entries or logs from the fan site.

 

I've seen quite a few hack attempts pass by during my absence from RS. The worst for me was also the fan sitehack armageddon last year. They'd got into one of my e-mail accounts, which was also the address to which my RS account was linked. Luckily, they didn't get into my RS account. Sadly, they then decided to hack into other accounts linked to that e-mail account, such as yahoo, etsy, twitter,... They changed all my passwords, not sure why though. Boredom? The hacked e-mail account was really more of a spam account and I got control over all my accounts again within minutes, so there was no damage done, but it gave me quite the scare nonetheless. Since then, I'm a lot more careful and use separate e-mail accounts for everything, even if it feels quite silly.

 

Even before that, I got Jagex e-mails from time to time that evidenced someone trying to get into my account but failing to get the recovery questions right. In my case, Jagex didn't fall for it, to my relief. It was just a weird feeling to see a game that wasn't even on my mind anymore cause such havoc.

Link to comment
Share on other sites

yep mine was hacked when i quit for a year lucky me the hacker did all bandos godwars so when i logged on had 10 sets of bandos 5 d claws and a load of other expensive items sold and made few around 200-300m,dunno why he didnt trade items

Edited by Randox
censor
Link to comment
Share on other sites

yep mine was hacked when i quit for a year lucky me the hacker did all bandos godwars so when i logged on had 10 sets of bandos 5 d claws and a load of other expensive items sold and made few around 200-300m,dunno why he didnt trade items

Woah, you really were lucky ;) In the end I have been as well, I didn't lose much.

My Runescape Toolkit Client

Core:

Skill data handling: 100% (for now)

Skin system: 80%

Script system for user made addons: 20%

Data (will add methods to retrieve it online, but for the features I want to add, like advanced skill/profit calculations, I need to have it all at hand at anytime):

Item database: 0%

Skill database: 15%

Bestiary: 0%

Features:

Grand Exchange support: 100%

Highscores support: 100%

Calculator support: 100%

Skill support: 80%

(All the stats showed are provvisory, further updates to my client might affect progress on those fields)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.