RuneScape Forum Archive | 2FA Account hacked 800mil gone

Dec

2023

Pete Meatza

Posts: 14 Bronze Posts by user Forum Profile RuneMetrics Profile

Re: Tron 2
My friend the issue isn't the account getting locked it's the fact that my entire bank account is gone. I was hijacked.

28-Feb-2023 14:40:00

Mrs Ana

Posts: 8,998 Rune Posts by user Forum Profile RuneMetrics Profile

Pete Meatza said :
I don't know how it would be possible for someone to have exposed my account from that... but it's worth mentioning. Connecting to a public Wi-Fi can be extremely dangerous as they aren't secured for the most part and anybody can connect to it. If someone hacks into it, they can see anything you do and have access to any login details (username/email address and password, for example) that are being sent through the public Wi-Fi network. That's why it is highly recommended not to use them if you value your personal details

. And if you MUST use them, a reputable VPN is recommended to safeguard those details.

But then again, using VPN to play RuneScape may have its adverse effects as well...such as the possibility of using a VPN that is widely recognized amongst the rule-breaking community or making it harder for your account to create a history that may be used when trying to recover it. Those accounts that use VPNs to play RuneScape are basically "ghosts" when it comes to account recoveries as Jagex is unable to keep a strong digital record of it.

28-Feb-2023 16:46:46

Dec

2023

Pete Meatza

Posts: 14 Bronze Posts by user Forum Profile RuneMetrics Profile

I'm aware it's not the best idea but the other question is... how would they access my account info if I never logged in? I only tried to load the app and it failed. To add to that, how would they get around 2FA? I haven't used mobile in months, there would have been a prompt to fill in the auth code. There should be at least two steps further down that I would have had to have taken for that information to be possible to obtain, in my mind. Instead, I wasn't even able to proceed.

I have so many questions...

28-Feb-2023 17:50:44 - Last edited on 28-Feb-2023 17:52:34 by Pete Meatza

Mrs Ana

Posts: 8,998 Rune Posts by user Forum Profile RuneMetrics Profile

Pete Meatza said :
The other question is... how would they access my account info if I never logged in? I only tried to load the app and it failed. To add to that, how would they get around 2FA? There should be two steps further that I would have had to have taken for that information to be freed up, in my mind.

So many questions... You don't necessarily have to log in for someone to steal your information. All they may have needed was for you to be on the Wi-Fi network in order for them to try to install malware into your device (computer/phone). From there, they can extract all the personal details that you may have. If they have access to your device, they can act as if it's you logging in. Furthermore, if you have the "Remember for 30 days" box enabled, it may be easier for them to get around 2FA.

28-Feb-2023 17:55:32 - Last edited on 28-Feb-2023 17:56:39 by Mrs Ana

Dec

2023

Pete Meatza

Posts: 14 Bronze Posts by user Forum Profile RuneMetrics Profile

But I don't have malware on my device. I scanned immediately after finding my account hijacked, it's entirely clean. And like I said, it wouldn't have remembered my 2FA passcode because I haven't been on mobile in months so it shouldn't matter if "remember this device for 30 days" was active. It's not like they can spoof the time on the phone to bypass that measure, that's going to be Jagex's side recognizing the MAC address of my phone.

28-Feb-2023 18:30:34

Forums

2FA Account hacked 800mil gone

Pete Meatza

Mrs Ana

Pete Meatza

Mrs Ana

Pete Meatza