
Account was hacked with Auth


Doobywoo

I've played OSRS for a while now and I was active the entire time during Shattered Relics league. After the league finished I stopped playing for a bit, and after that I hadn't been on RS for almost a year. In May of this year I decided to get on after a while and noticed at the top of the login, where it tells you when the account was last active, it said something like 60 days ago. I knew for a fact that I hadn't touched RuneScape in almost a year, so that struck me as odd. Then when I entered the game I was in the Ferox Enclave, no armor or anything on, no PIN on my bank anymore, even though I never changed or removed it, and all of my items that were worth anything were gone... including all of the things I bought using the Shattered Relics points.

I have no idea how my account was hacked.
I have 2 factor authentication enabled.
My email account never received any password change requests.
I have never logged into OSRS with anything other than the RuneLite client or Jagex's own client.
I had no idea how to get any support on this matter because I took every precaution and was still hacked. This honestly felt so violating, especially so because I was excited to get back into RuneScape, but after this idk if I can even trust I'll have my items, because I did everything in my power to stay secure and was still hacked... I waited a few months, checking in around once a month to see if anyone logged back into my account or my player was moved, but nothing was changed, so I finally decided to ask.

How can I get hacked when I have two factor authentication, never logged into RuneScape except through the RuneLite or Jagex client, never linked any accounts and simply left it with the email only, never received a request to disable authenticator, and never received a password change request, but after being away for almost a year and logging back in with the unchanged password, my account says I was logged in 60 days ago and all my things are missing?

30-Oct-2023 18:22:16 - Last edited on 30-Oct-2023 18:23:34 by Doobywoo

Malua
Hi there Doobywoo

Have you checked the 'Linked Accounts' tab (in account management)?
If you see any accounts linked in there, unlink them. Click on 'Manage Steam' to check for a linked Steam account.
It sounds to me like the hijack might have come through a linked account, in particular Steam. There was an insecurity found earlier this year with Steam linking to RuneScape accounts and Jagex closed down the ability to newly link Steam accounts for a while.

If your password was still the same, then I doubt the hijacker has access to your email.
If your Authenticator is still active, then I strongly suspect a linked account as the only other possibility is that your computer is compromised. But, if you have been inactive in RuneScape for months, an insecure computer is much less likely.

There are problems with Runelite from time to time when a hacker manages to upload a dodgy client to the web, making it appear to be the genuine Runelite. Jagex now have a direct link on this website to Runelite for players wanting to download the genuine client and it is recommended that players wanting Runelite use that link.

You noticed the hijacker has not returned. They wouldn't bother if they have stripped the account.

Have you considered upgrading your account/s into a Jagex Account?
The new Jagex Account was released earlier this year and its security protocol is much stronger than the old RuneScape accounts.
The Support Centre has a link to the Jagex Account Support Centre and information articles (at the top of the page).
Forum Community Helper

30-Oct-2023 23:10:42

Doobywoo

I just double checked linked accounts, and all that pops up is buttons to "Link" them which means that the account isn't already linked. So for that point there are NO linked accounts.

I have been using the official RuneLite client since I started, so there is no chance that I downloaded a RuneLite client that was dodgy, since it's been on my desktop since the beginning.

My computer isn't compromised and even if it was, I have the Authenticator and that isn't connected to my computer in any way, so the authenticator should have stopped them considering it was well past the 30 days that you can select to "trust this computer" when the hacker last logged onto the account.

Again just to be clear.
1) I have no linked accounts. The only way to access my account is through my email and password.

2) My password was never changed, so they were able to get into my account well past the 30 day "Trust this computer" check from the last time I played. Even if I had checked it the last day I played at the end of leagues, it would have reset that timer before that "60 days ago" activity that was recorded. Therefore somehow the hacker bypassed my 2 factor authentication, even though I have no linked accounts.

3) I had been using the same official RuneLite client since the beginning. Never changed it, so it isn't possible that that is the point where the hacker gained access. Again, even if it was some kind of plug-in that somehow stored password information, they still bypassed the authenticator without having any linked accounts.

When I originally noticed that my account was hacked, that was the first thing I looked up. "How did I get hacked with 2 Factor authentication" and the things I found mentioned linked accounts. I wasn't 100% positive if I had linked any accounts, but I remember checking and finding that I had nothing linked at all.

If the Jagex account had been released earlier I would have probably used that too, but at this point I can't even trust that either.

31-Oct-2023 11:08:28

Doobywoo

I am just confused and honestly feel violated. I did everything I could to keep myself safe and my account was still hacked.

It's not JUST that my items were taken; with enough time, I could get those back if I worked at it. It would be hard to trust that the account wouldn't be hacked again since they were able to bypass the 2 Factor authentication, but I could still live with that...for the most part.

The thing that really hurts the most is the items I can't get back no matter how much I grind or work towards it. The points I gained after spending months in leagues are gone now. Everything I used to buy transmog for the cannon, Void Knight armor, the whip. Everything is gone. I can't grind it, I can't gain points back...

Sure I could just "buy" the transmog back...It might sound dumb but, it isn't "mine" at this point I didn't work for it anymore and it won't have as much meaning.

I'm not even begging for any items back even if that would make the sting hurt a little less. I honestly just want to know how my account was hacked and how 2 Factor was bypassed even though I have no linked accounts.

How is it possible that the thing that was supposed to keep me safe was treated as if it was a hole in the wall rather than a locked door?

If I had done something to warrant risk by downloading suspicious links, linking any accounts, literally anything besides simply playing the game, I would still get it because I left myself open for possible hacking.

But I did everything in my power to make my account safe and all those safeguards were treated like they didn't exist. It's like finding out that the security vault you have been using was made out of cardboard rather than thick metal and could simply be walked through...

Jagex might have created a new "Secure account" but Idk if I can trust that when 2 Factor didn't stop a hacker, and passwords are still not Case Sensitive...

31-Oct-2023 11:27:07 - Last edited on 31-Oct-2023 11:28:44 by Doobywoo

PerYngve
Wow, I thought it was basically impossible to hack an account with 2FA enabled. It would require the person to literally obtain your phone and look at the six-digit code. I am at a loss as to how that all happened with your security measures in place. I left RuneScape for years and came back to exactly where I left off. I'm sorry for your trouble. Hopefully, it all gets sorted or any confusion is resolved.

31-Oct-2023 14:12:56 - Last edited on 31-Oct-2023 14:13:45 by PerYngve

Mrs Ana

> Jagex might have created a new "Secure account" but Idk if I can trust that when 2 Factor didn't stop a hacker, and passwords are still not Case Sensitive...

Jagex Accounts allow passwords to be case sensitive. Furthermore, they provide more security settings:

"SUPER-COMPLEX PASSWORDS

What's better than using all 26 letters of the alphabet and numbers 0 - 9? Being able to use all types of special characters such as ?, #, @, * & more! What's more, Jagex Account passwords accept capitalisation which means you can r4Nd0m!Se your passwords to your heart's content."


You may read their latest news here: JAGEX ACCOUNTS: NEXT STEPS

01-Nov-2023 16:00:42 - Last edited on 01-Nov-2023 16:02:28 by Mrs Ana

DigiRune

I had 2 point Authentication on my email as well and somehow the hacker bypassed it and logged onto my account and charged like $300 worth of bonds. Jagex security is very flawed.

29-Dec-2023 14:48:38 - Last edited on 29-Dec-2023 14:50:57 by DigiRune

Tren (Forum Moderator)

@DigiRune - If you need assistance with your issue, please create your own thread for that.

In the Community Led Support Forums, it is much easier to give everyone the help they are looking for if each user creates their own thread about their issue.

Every user's situation is somewhat unique, and it can get confusing as to which post is to which user, when more than one player is trying to get help on the same thread. Advice given to the original player may not apply in each case.

Also, when tacking your situation on to another player's thread, those helping may recognize the thread as one where the issue had already been solved, and may not notice that a different situation has been added to that thread.

Thanks
~Tren


29-Dec-2023 15:32:29
