Hacked with 2fa

Quick find code: 408-409-193-66281313

JesseAs

Apparently my Old School account got hacked this weekend (around 1:50 AM June 4th, according to a friend who saw me log in and out a few times). But I have no clue how.
I haven't used this account in a while, and didn't have members for a while either. They bonded me up and traded (or dropped) most of my wealth away. I do have 10 days of 'free' membership left tho.....

Facts:
- Account had 2FA
- 2FA still intact, bank pin gone
- Amazon account was linked (but I don't think you can use that to log in?). This account didn't have any strange login activity
- Steam account was linked. Checked if it was still my account (seems like it was since I could log in using my Steam). This account also had 2FA and no strange login activity
- No other accounts were linked (I've unlinked Steam & Amazon now to be sure, although I'm pretty certain they were still linked to my accounts)
- Main email account. Has 2FA + no strange login activity
- ALL accounts use different passwords
- According to a friend they logged in the previous weekend as well, probably to reset bank-pin. (How fucking awesome would it be if you guys would send a mail if someone tries to reset a bank pin?)

Also, I don't see myself clicking a phishing link and not noticing. (Fairly security driven and work in Software Engineering)

How in the world was I hacked??
And how in the world would I improve my security!? (except resetting all authenticators & passwords of course)

05-Jun-2023 13:24:27 - Last edited on 05-Jun-2023 13:31:05 by JesseAs

Mrs Ana

Hey, JesseAs.
JesseAs said:
- Amazon account was linked (but I don't think you can use that to log in?). This account didn't have any strange login activity
- Steam account was linked. Checked if it was still my account (seems like it was since I could log in using my Steam). This account also had 2FA and no strange login activity

Other than a phishing link and/or Remote Access Trojan (RAT) on your computer, the above may have been the culprit. Linked accounts allow you -- or the hijacker, for that matter -- to log into the account without having to enter the password and/or the Authenticator.

Your best bet to improve your overall security is to follow the tips/suggestions/instructions found here: Security tips. I'd also recommend that you look into upgrading your account to a Jagex account for the possible security settings: Upgrade your RuneScape character to Jagex account.

05-Jun-2023 16:10:52

Wassep

Hello,

Yeah, sending an email when your bank pin is being reset would be a really good idea. I'm sorry that happened to you. I'm going to assume that your authentication token was hijacked, which is why they got past 2FA. I would definitely make sure there are no weird programs running in the background, and obviously change your password(s) to any account tied to this one. It could have been a multitude of things that have caused this to happen, but the most common one is a phishing link, and even the most secure-minded people sometimes slip up by accident. It just takes one click. In addition, there's a lot of Discord phishing attacks going on now too. Often if someone's doing a targeted attack (like your RuneScape account) they wouldn't change much on a linked account, as there's really no value and it would have put up a red flag while they were waiting on your bank pin.

Best thing you can do is just run a malware/virus scan, reset passwords (which you've stated) and be mindful of links you click. Hope it never happens again.
Here to help <3
Still confused? Here's some great resources:
Runescape Support | Game Suggestions

05-Jun-2023 16:14:03
