RuneScape Forum Archive | Account hacked.White Phat gone

Gemini

Posts: 247 Silver Posts by user Forum Profile RuneMetrics Profile

Hello, I hope that a Jagex mod will read this story and respond to me.

This week has been very sad for me. I logged in to find that I had 2 Macro'ing offenses from June 10th and June 15th and that the account was permabanned. Let me first say, that I have never macro'ed or botted...this was a hijacker.

I appealed the June 15th one, saying that I was not in control of my account, which was accepted. (I was hoping they would both be cleared away, but apparently I have to appeal the June 10th one as well.) Anyway, the June 15th one being accepted made my account no longer "permbanned".

When I logged in today, I went to check the bank....the hacker had removed my bank pin, and my valuables were stolen...white partyhat, h'ween mask set, santa hat, 1billion gp, etc.

I don't even understand how all of this is even possible, considering I had a password...a two-way authenticator (my phone), and I had a 4 digit bank pin in place...

I really want to hear what happened from someone at Jagex, if they are able to investigate it.

I honestly have never cheated or shared my account info with anyone. I'm just someone who played a ton back in my college days, and then after graduating college, I moved to Japan and became an English teacher.. I would only log-in occasionally to refresh highscores, because I was on page 2 of the 'Attack' highscores, with an early 200mil exp in attack....I would never risk my precious account for macroing.... >.<

Anyway, the thousands of hours I put into slayer and runecrafting to buy a white partyhat, santa, mask set, and my 1billion coins were all taken....despite me having every security-precaution possible....

Is it possible to have items returned...is it possible to have this explained...I really would love to hear from a mod who has some time to look into my account....I'm feeling sick to my stomach from the loss.....I don't think I could have done anything better...but I was still robbed. Please help if you can.

Thank you,
Eric

22-Aug-2023 23:17:36

May

2006

Malua

Posts: 43,113 Sapphire Posts by user Forum Profile RuneMetrics Profile

Hi there

Gemini

In addition to your Bank PIN being removed, was your Authenticator removed also? and your password changed?
Or were the Auth and same password still active?

If you found your PIN removed, your Auth removed and your password changed, it means the hijacker has got access to your email.
Change the password to your email and set up a 2-step verification to protect it.

If your Auth and password were still active, then I don't get why the hijacker needed to remove your Bank PIN as they should have been able to get straight past that as well.
Log into account management and check the 'Linked Accounts' tab. Unlink any accounts you see linked in there. Click on 'Manage Steam' to check for a linked Steam account. If the only linked account you see is your own, it means your linked account is insecure on its home website.

When you appealed the ban successfully, Jagex would have realised the account was hijacked and they would have investigated to track and take action against the hijacker.
I am sorry but they will not return your stolen items/gp. You have to accept the account as you find it now and move forward from there.

I am not sure how long you have been inactive on your account but, earlier this year Jagex released the Jagex Accounts system. This is a much more secure account system and they are recommending players upgrade their old RuneScape accounts into a Jagex Account.
Information: Jagex Accounts FAQ

Forum Community Helper -

Information about Moderators and Community Helpers

23-Aug-2023 00:14:09

Gemini

Posts: 247 Silver Posts by user Forum Profile RuneMetrics Profile

Hello Malua,

Sorry for my late reply. I can answer your questions, I just wish the Jagex staff would look into my case and give me some answers too.

My password was unchanged.
Authenticator was still active.
The bank pin was removed.

No accounts were connected to my runescape account via linking... (no steam, or anything else)

My passwords for my e-mail and runescape have always been different from each other and stronger than normal passwords. I used to work at the helpdesk for IT concerns when I was in college, so I was more secure than most...

Regardless of having a good password / authenticator / bank pin, all 3 layers were passed through and my valuables were stolen.

I understand you are only trying to help by suggesting that I upgrade to a Jagex account system....but honestly, why am I taking more steps to continue further-strengthening an account that should have been unhackable....and to protect what.....my valuables are gone.

2 way-authentication SHOULD NOT be breachable by its very nature. The remaining possibilities don't look good, if I'm going to be honest....

-Jagex's servers and user information being potentially breached
-untrustworthy person within Jagex
-incompetent "Account recovery" person or automated system giving access to my account to someone trying to recover / steal my account.

Until I hear an explanation, I don't know what the truth is.

Also I watched DM diablo4 (youtuber)'s video about him also being hacked....He didn't have 2-way authentication, so he was not as secure as I was....and it turns out that Jagex is recovering all lost / stolen items for him... While I think that it's actually the right move to return stolen goods, it shouldn't be a streamer-privelage only.

I really do hope that a Jagex mod investigates what happened to my account and also offers the same opportunity to have my items returned. Starting from square 1, after spending thousands, if not tens of thousands of hours, gives me 0 motivation to continue.

04-Oct-2023 09:35:26

May

2006

Malua

Posts: 43,113 Sapphire Posts by user Forum Profile RuneMetrics Profile

I would like to add to your "remaining possibilities":
- insecure computer. Scan for malware
- hijacker has physical access to your Auth code generator and knows you well
- phishing or deception. A competent phish is very low key and unobtrusive. Players are often surprised and in denial that they have been phished

Two out of three of your list of "remaining possibilities" certainly haven't happened. One, I can tell just from your posts.

I followed up on that player you mention....Ugh O_o

When Jagex return items, they make sure the account had them to start with.
This is time critical as the log of bank contents/possessions is lost once 60 days has passed.

A key point in the hijack and use of your account is the fact that your Authenticator was still active. You are certain of this?
This does narrow down the list of "remaining possibilities" and my offered list is quite short because of this.

There is no need to report the hijack to Jagex now as you have already done so (via the ban appeal). They wouldn't have just unbanned your account, they would have also tracked the hijacker to take action against their account/s. The investigation has already happened.
If your items left your account more than 60 days ago, they are gone.

Forum Community Helper -

Information about Moderators and Community Helpers

04-Oct-2023 11:18:54

Gemini

Posts: 247 Silver Posts by user Forum Profile RuneMetrics Profile

I appreciate the time you've given me Malua, as well as your thoughtful replies.

You're additions to the 'possibilities' I listed are understandable.

- insecure computer. Scan for malware - Windows Defender and Norton Antivirus are what I've got to work with. I scan semi-regularly. No red flags with either of them.

- hijacker has physical access to your Auth code generator and knows you well. - Impossible since I moved to Japan 7 years ago to become an English teacher. I have my authenticator with me, and my wife is the only other one in the house.

- phishing or deception. A competent phish is very low key and unobtrusive. Players are often surprised and in denial that they have been phished.

- Next to impossible if not impossible for me. I'm aware that the human is often the weakest link in regard to security. I don't roam sketchy sites, or anything related to Runescape at all to be honest. I only logged into Runescape once every year or every other year just to update my character to be on the highscores. (I was in the top50 ranks of 200mil attack a long time ago)

That's why it was so shocking that when I logged in, in August, my password was still the same, I was prompted for my authenticator information, (as is normal), but then I was scared when I saw the permban message for botting.... After the permaban was removed, the worst fears were confirmed, my the bank pin was somehow removed, and then upon looking through my bank tabs, I was heartbroken that my 1bil+ gp, partyhat, h'ween mask set, santa, etc were all gone...

If you wanted to see my youtube video from 13 years ago, you can type "Gemini31337 christmas cracker". I traded 422mil for a white partyhat. It's a great memory and I'm glad its saved on youtube.

I don't know if Jagex would have rescued my items if I had acted within that 60 day window you mentioned. I had always thought they had a no-return policy until I saw that streamer.

Anyway, I wish you well Malua. I hope you take care.

05-Oct-2023 11:39:09

Forums

Account hacked.White Phat gone

Gemini

Malua

Gemini

Malua

Gemini