Forums

My account got breached

Quick find code: 259-260-34-66011767

Desupty RS

Desupty RS

Posts: 9,342 Rune Posts by user Forum Profile RuneMetrics Profile
Hi,

I haven't posted here in years but it's a relief to still see some names I recognize on the first page of threads.

I'm just posting here on behalf of improving the overal security of RuneScape accounts as I believe any sort of compensation regarding getting my account hacked through a faulty system is not possible anyways.

My previous username was Desupty and I've had my account for almost 7 years. A lot of my progress was video logged to YouTube. This included information such as my first membership subscription date, my account creation date and possibly more information that could have been used to breach my account.

I think it's important to note that I have never had any one of my accounts hacked on any platform, ever. As I run a fairly successful YouTube channel (not RuneScape related) which basically pays for my living expenses, I'm very careful with security. I truly believe that having my RuneScape account hacked was not a problem from my end, but one of RuneScape's. I honestly never thought that I would be a person to post a "i got hacked"-thread some day as I firmly believed that these threads were always created by irresponsible players.

Either way, I had stopped logged into RuneScape around the end of January due to some business related stuff in Thailand. I logged in on the game a couple of times from my private appartment and then forgot about the game alltogether. Last night I tried to log in only to find out my password was incorrect. Not just that, my username and recovery e-mail were also different. I believe my account has been recovered through VERY LITTLE information, which allowed to be possible due to not having logged in for a while (I've been told it gets easier to recover when the account is "inactive&quot ;) . This shouldn't be possible. Especially not after removing JAG, which was basically foolproof and which I had activated for as long as possible.

cont.

13-May-2018 02:36:19 - Last edited on 13-May-2018 03:01:22 by Desupty RS

Desupty RS

Desupty RS

Posts: 9,342 Rune Posts by user Forum Profile RuneMetrics Profile
So basically my account got hacked, my bank got raided from a couple of billion. Numerous members of my (now ex)-clan "Efficiency Experts" got succesfully lured by my hacker and my name, which was more important to me than anything as I've been quite a "celebrity ", was changed.

The hacker was smart, yet, my YouTube nor PayPal have been accessed despite having the same password. Nor did my other 4 accounts get hacked, which unluckily don't have much value in their bank. Also the same password. This helps me believe even further that my password was never actually retrieved.

Anyways, I know how extremely unhelpful Jagex is when it comes to these things, but I do atleast hope the topic gets read. A bit of sympathy or "gtfo" is also more than welcome.

It's scary to find out how easy it is to get your account breached on a game as popular as RuneScape

I hope everybody has been well and any advice in which further steps I could take would be greatly appreciated. At the very least, I would like to have my old username "Desupty" back and also be made sure that my account is never to be recovered like this again. The account is my prized possession, whether I play on it or not. As of right now, I have absolutely no incentive of ever coming back, but it would be a relief knowing that I can turn my back on this game without having to worry about some other kid accessing it.

(oh and look into my recent trade logs and find out who stole the account and ban the kid? apparently several lured partyhats have been transferred)

Edit: I just googled my username and found a video of the hacker doing a lure /watch?v=gc1jCugUgPY --- The lure was being performed with two other accounts named "Jeremy Will" and "Rank 789" (although I can't find him now). Both of these accounts might have also been breached.

13-May-2018 02:36:31 - Last edited on 13-May-2018 02:59:19 by Desupty RS

Ladyolake
Jan Member 2008

Ladyolake

Posts: 7,094 Rune Posts by user Forum Profile RuneMetrics Profile
IF the name was only changed 1 time the old name is attached to the name for 35 days. In some cases longer. As a member you can change your name every 28 days free, or buy
a bond for an early name change.

Sorry this happened to you.
The richest person is not who has the most. It is who Needs the least.

13-May-2018 02:56:57

Desupty RS

Desupty RS

Posts: 9,342 Rune Posts by user Forum Profile RuneMetrics Profile
Ladyolake said :
IF the name was only changed 1 time the old name is attached to the name for 35 days. In some cases longer. As a member you can change your name every 28 days free, or buy
a bond for an early name change.

Sorry this happened to you.


It's been longer than 35 days unfortunately. I've just found a video of a scammer in action with my account which was uploaded on the 4th of April.

Thanks for the tip.

13-May-2018 03:00:35

Loki
Sep Member 2011

Loki

Posts: 65,226 Emerald Posts by user Forum Profile RuneMetrics Profile
Wow.. I remember seeing you around a lot in-game. :( Very sad to see this has happened to you. I had a similar situation to you at the end of 2016, where I had every bit of security active on my account, yet was still breached. I was logged into my alt at the time it happened (both accounts had the same passwords and bank pins), yet only my main was breached. So all I could do was watch while the hacker was on OSRS (I had nothing on there as I don't play OSRS), and then log into RS3 very shortly after and clean everything out. By time Jagex responded to locking my account via their twitter account, it was too late. The hacker managed to transfer around 3.5B, leaving me with 75M GP, dual drygores and an amulet of souls.

I read your whole thread, and I didn't see any mention of having Authenticator active (unless I'm blind and missed it)? I believe Jagex announced several times that JAG would finally be removed permanently, so if you didn't have Authenticator active, that could be how your account was breached.


Not related to a hack, but I was told account usernames remain as part of your account (showing as your previous username) for the amount of time you had it active for. I had my previous name 'AOROX' for just over 10 years, so I didn't bother alternating between the two names after I got Loki, to one day logging in with someone pming me with my name asking if I wanted to buy it back for 2B. I have a feeling who it might be, because they've done that sort of thing to several players, but I can't be 100%. Because I didn't even respond to them, I had reports that the person was using my previous name to spam FCs/Clans, as well as lure/impersonate me.


Continued below...
• »‡« •
Adam
• »‡« •

Success is not final, failure is not fatal. It is the courage to continue that counts.

13-May-2018 05:43:39

Loki
Sep Member 2011

Loki

Posts: 65,226 Emerald Posts by user Forum Profile RuneMetrics Profile
Continued from above...


I do hope that a Jagex Mod is able to see this post, and you're able to get your username given back at the very least (still some hope I'll get mine too), and sad to see you leave RS.

Remaking any amount of GP isn't too difficult to do nowadays, although finding the motivation to do so will be difficult. Without the assistance of several friends, I don't think I would've been able to get back into the game as much as I would've have, had I not had anyone to help me. If you do ever return and want some help/someone to talk to, my PM is usually always open c:
• »‡« •
Adam
• »‡« •

Success is not final, failure is not fatal. It is the courage to continue that counts.

13-May-2018 05:45:37

Desupty RS

Desupty RS

Posts: 9,342 Rune Posts by user Forum Profile RuneMetrics Profile
Hi Loki! I remember your profile picture.

It seems that this has been a problem for several years now. Very sorry to hear the same has happened to you a couple years back, which gives even better reason to improve the security system. With improving, I mean not allowing accounts to be recovered so easily or whatever it is that got our accounts stolen.

I'm not exactly sure what happened to the authenticator, as I had (and still have) the authenticator app on my phone. I just stopped using it as I was always logging in on the same desktop, thus no longer being prompted. Strangely enough my account settings says it has been disabled. No clue if this is something the hacker did, or if it got disabled a long time ago and I simply never noticed because I was used to not being asked for a code.

Thank you very much for your support and sharing your story. I'm intrigued to hear about more of these now.

I'd be motivated to play again but this experience has been somewhat traumatic to me. My account has been with me ever since I created it at a much younger age and I've always been able to leave the game and come back to it whenever I wished. Now, to know that any fool can recover my account when I go inactive for a little bit, makes it feel like my account is more of a community-played account and no longer a personal belonging. It's also a true shame how my account has been used in numerous lures and my previous clan seems to suspect that I was behind all this as I didn't get the most warming welcome upon questioning what happened. So I got very little to come back to. The only incentive for me to rebuild would be when I'm absolutely assured the security systems are improved and my account can no longer be taken away from me so easily. It's very scarring.

13-May-2018 08:14:52 - Last edited on 13-May-2018 08:18:00 by Desupty RS

Bobhaz
Jun Member 2021

Bobhaz

Posts: 55,618 Emerald Posts by user Forum Profile RuneMetrics Profile
i guess this could be a warning to people that are having a break from the game to check authenticatior before you go to make sure its working properly?
i was a watcher of your vids way back so i hope you get your things back and all the rest

13-May-2018 09:01:27

Desupty RS

Desupty RS

Posts: 9,342 Rune Posts by user Forum Profile RuneMetrics Profile
Bobhaz said :
i guess this could be a warning to people that are having a break from the game to check authenticatior before you go to make sure its working properly?
i was a watcher of your vids way back so i hope you get your things back and all the rest


Definitely. I strongly advise to not only set up the authenticator but also a bank pin whenever you decide to take a break. Both OSRS and RS3.

Thank you

13-May-2018 09:11:03

Loki
Sep Member 2011

Loki

Posts: 65,226 Emerald Posts by user Forum Profile RuneMetrics Profile
Desupty RS said :
I'm not exactly sure what happened to the authenticator, as I had (and still have) the authenticator app on my phone. I just stopped using it as I was always logging in on the same desktop, thus no longer being prompted
That's very strange. I am forced to enter authenticator every 30 days on my personal computer alone, and every single time I go to a friends house and log in on their computer. O_o

Just curious - did they breach the email account you had attached to the account? I know when it happened to me, I had no idea my email was hacked, until I received a message from Facebook, and Apple stating that someone from New Zealand had accessed those accounts. I thought it was strange, so proceeded to just change the passwords on those, which I guess was something to distract me while they were raiding my RS account. When I found out, and sent in recoveries, I found that the hacker deleted any email Jagex sent to me regarding recovering my account (they were still in the trash), so as to hide it from me while I was dealing with Facebook/Apple.

I didn't take any chances, so I did a complete factory reset in case anything was on my PC, even after doing multiple scans which came back as negative.

I still do wonder though, considering Authenticator is on my iPhone, if there was somehow a way to get the codes using my Apple account. Seems unbelievable, but those hacking nerds always have a trick or two up their sleeves lol.
• »‡« •
Adam
• »‡« •

Success is not final, failure is not fatal. It is the courage to continue that counts.

13-May-2018 09:55:41 - Last edited on 13-May-2018 09:56:19 by Loki

Quick find code: 259-260-34-66011767 Back to Top