Jump to content
TheLad1

Hacked :(

Recommended Posts

Guys,

 

It's finally happened, despite having (what I thought) a clean PC & Authenticator on my account I've tried to log in this morning to find I've been hacked.

 

Checking my e-mail account shows 5 messages from Jagex confirming the change of my password & e-mail address, these were all sent whilst I was sleeping & as such couldn't do anything about it.  I've obviously done an appeal & am now waiting for the response, as it's a Sunday morning I'm not hopeful for a speedy turnaround.

 

From 200m Slayer to Hacked in 1 week :(

 

I'm hoping my Bank Pin is secure for a couple more days..........................unless thats been key-logged as well.

 

If you see me in game, can you challenge me just in case someone has already purchased my account.

 

Any opther suggestions as to how I can potentially speed up the recovery of my account.

 

Cheers

 

 


the_lad_1.png

 

Share this post


Link to post
Share on other sites

Bank pins can't be keylogged.

 

Also in this instance it sounds like the flaw in your security was the email address as gaining access to that is the only way to bypass/remove the authenticator other than literally stealing the physical device running the authenticator.


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

Well, A/c recovered.

 

4.5 billion of items no longer there + 1 bil of gp,  they had access to my Bank as well.

 

Think it may well be the spur I need to quit, my membership is due for renewal in January & I don't suppose I'll now bother renewing it.

 

I hope Mr Hacker / RWT'er you really enjoyed yourself last night on my gains over the past 11 years & manged to destroy this in less than 12 hours.


the_lad_1.png

 

Share this post


Link to post
Share on other sites

How did they manage to bypass your bank pin.. How is that possible?


4K469.png

"Night gathers, and now my watch begins. It shall not end until my death. I shall take no wife, hold no lands, father no children. I shall wear no crowns and win no glory. I shall live and die at my post. I am the sword in the darkness. I am the watcher on the walls. I am the shield that guards the realms of men. I pledge my life and honor to the Night's Watch, for this night and all the nights to come."

"An imperfect man can do great deeds, and a great man imperfect ones.

Share this post


Link to post
Share on other sites

How did they manage to bypass your bank pin.. How is that possible?

 

That's exactly what I want to know - thought my Bank would at least be safe, would have only lost c 100m then :(

 

Anyone know of a working Jaegx e-mail, the one I've used previously just bounces back now, I've written them a nice e-mail & could do with a reply.


the_lad_1.png

 

Share this post


Link to post
Share on other sites

Honestly the fact that they got into your email to by pass authenticator and do recoveries and got past your bank pin suggests to me it is someone you know in some way shape or form.

 

For one thing a simple keylogger can't get your bank pin - this means whoever hacked you entered the correct bank pin.

Which either means they knew it outright or knew enough about you to narrow it down to some possiblities (ie dob, signifcant dates etc)

 

Then for another, though entirely possible to marry up an email account to an rs account via keylogging it's not exactly a common route of hacking - firstly because it means keylogging a lot of stuff and then working through the data to find multiple accounts and secondly because if you are going to go after someones email there so much more to gain than a runescape account.

Meaning more often than not again this would suggest its someone with some knowledge of you - enough knowledge to know precisely what email the account is on and know enough to recover a 'forgotten password' for that account


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

Honestly the fact that they got into your email to by pass authenticator and do recoveries and got past your bank pin suggests to me it is someone you know in some way shape or form.

 

For one thing a simple keylogger can't get your bank pin - this means whoever hacked you entered the correct bank pin.

Which either means they knew it outright or knew enough about you to narrow it down to some possiblities (ie dob, signifcant dates etc)

 

Then for another, though entirely possible to marry up an email account to an rs account via keylogging it's not exactly a common route of hacking - firstly because it means keylogging a lot of stuff and then working through the data to find multiple accounts and secondly because if you are going to go after someones email there so much more to gain than a runescape account.

Meaning more often than not again this would suggest its someone with some knowledge of you - enough knowledge to know precisely what email the account is on and know enough to recover a 'forgotten password' for that account

 

They sent a request to find out all accounts associated with my e-mail address (see below), Jagex oblidged them by sending a nice list of my accounts & I assume they then married the RS names & my e-mail address to change password etc.

 

No-one irl has access to my Runescape details.

 

 

 

You requested details of all login names associated with this email address. 

 

We found 4 accounts that can be used to log in to RuneScape and other Jagex games. 

 

Fork Sake

Kin L

The Lad1

****my e-mail address here*************

 

If you did not submit this forgot login request, you can safely ignore this email - your accounts will remain secure. 

 

Kind regards, 

 

Jagex Account Support


the_lad_1.png

 

Share this post


Link to post
Share on other sites

 

Honestly the fact that they got into your email to by pass authenticator and do recoveries and got past your bank pin suggests to me it is someone you know in some way shape or form.

 

For one thing a simple keylogger can't get your bank pin - this means whoever hacked you entered the correct bank pin.

Which either means they knew it outright or knew enough about you to narrow it down to some possiblities (ie dob, signifcant dates etc)

 

Then for another, though entirely possible to marry up an email account to an rs account via keylogging it's not exactly a common route of hacking - firstly because it means keylogging a lot of stuff and then working through the data to find multiple accounts and secondly because if you are going to go after someones email there so much more to gain than a runescape account.

Meaning more often than not again this would suggest its someone with some knowledge of you - enough knowledge to know precisely what email the account is on and know enough to recover a 'forgotten password' for that account

 

They sent a request to find out all accounts associated with my e-mail address (see below), Jagex oblidged them by sending a nice list of my accounts & I assume they then married the RS names & my e-mail address to change password etc.

 

No-one irl has access to my Runescape details.

 

 

 

You requested details of all login names associated with this email address. 

 

We found 4 accounts that can be used to log in to RuneScape and other Jagex games. 

 

Fork Sake

Kin L

The Lad1

****my e-mail address here*************

 

If you did not submit this forgot login request, you can safely ignore this email - your accounts will remain secure. 

 

Kind regards, 

 

Jagex Account Support

 

Jesus did they send that email from your already hacked email account? If not that is a special kind of stupid on their part.

 

In the past when I tried a request like that they made it a type of puzzle for me so that if it was a hacker they would still need to know close to my account name.

For example it went: You account name is Fr**_S**el*


Sig

Share this post


Link to post
Share on other sites

That still strongly suggests they knew a lot about you.

No-one is going to to just hack a random email address then contact jagex on the off chance it is an Runescape account.

 

This is the method of someone who knows the owner of this email address has a runescape account obtaining the final piece of information required to hack that account - the login name.

With that information secured and access to the email it simply becomes a matter of recovering a lost password.

 

And again there is no way they can bypass your bank pin and it can't be keylogged - this means the hacker knew enough about you to guess your bank pin.


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

I'm now of the opinion that it was an 'internal fraud' at Jagex.  No keylogger on my computer, I've not been Phished & no-one irl knows I play RS.

 

Seems very coincidental that I was hacked shortly after my 200m Slayer Global Announcement.

 

Maybe I'm just that little bit too cynical...............


the_lad_1.png

 

Share this post


Link to post
Share on other sites

No way it hell it was 'internal fraud' who in their right mind is going to mess with customers personal data at their place of work for the sake of some runescape gp?

 

Thats the kind of thing that could land you in serious legal trouble and/or ruin your prospects of getting any job ever again.

 

Not to mention the fact that if someone was internal and was going to steal/mess with someones account they'd have absolutely no reason to do an account recovery via your email and definitely would not be asking what users were joined to that email - they'd have all that data already and there is almost certainly account management systems that allow them to manually override passwords etc.

 

Plus if someone was going to do that why your account? Sure you have some xp and stuff, but yours nowhere amazing compared to some accounts they could hit.

 

Also it's worth nothing you seem to have taken from my former points that I was suggesting someone who knows you irl - I was not. People who know you online and have some decent search skills could probably turn up plenty to manage a hack. In this day and age generally with a few very basic details you can find a profile of some sort for someone online and start to gather more information -  a fb account with badly set privacy settings can reveal dob, email address, home towns, maiden names, relatives, pets, schools (which can lead to teachers for reocvery questions), holidays etc, a twitter with location data turned on can reveal places you like to frequent, last.fm, goodreads, tv tracking services, amazon wishlists etc can turn up interests and other favourties.


Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Share this post


Link to post
Share on other sites

That said I also have a throwaway email account with a weak password I use for garbage and that gets hacked into bi-yearly.

 

Could be the weak password, or a keylogger, but if it was the latter I think they would do more than some Gmail hacking.

 

If your email password was weak it could have been brute forced (Though I agree with Sy more, I've seen my co-worker dig up obscene amounts of information on people in minutes)


Sig

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.