Forums

Account hacked with 2FA

Quick find code: 408-409-84-66275590

PvM Erbium
Jul Member 2013

PvM Erbium

Posts: 9 Bronze Posts by user Forum Profile RuneMetrics Profile
Hi there,

today I noticed that my account was not where I left last time I logged in. Apparently there was suspicous activity on the 18th of February (I slightly notice a trend arround that date for many accounts sharing the same issue). I am a casual 28yo player who once a month logs in and does some monthly stuff yet I am member for multiple years and this account was more than 15 years old without any breaches at all.

Surely I had my authentificator enabled on my phone (and onlythe 30 days login was on my laptop, I highly doubt anybody entering my house for hacking a Runescape account, neither did I have any problems with my mail being hacked). I never loggin into Runescape (why should I.. I am nearly 30 years old) other than my home laptop, neither do I have any interaction with any other Runescape players through any platforms.

So how can this happen? Anything I could do to get some of my decade-long earned items back?

28-Feb-2023 22:35:57

Malua
May Member 2006

Malua

Posts: 43,113 Sapphire Posts by user Forum Profile RuneMetrics Profile
Hi there
PvM Erbium


Start by checking the 'Linked Accounts' tab in account management.
If you see any accounts linked in there, unlink them. Click on 'Manage Steam' to check for a linked Steam account. If the only linked account in there is one of your own, check the security of your linked account on its own website as it isn't secure.

If a hijacker enters a RuneScape account via a third party linked account, they can bypass all the Jagex security (Auth/password/Bank PIN).

If you find no linked accounts, the only other possibility is that you have been tricked into clicking on a dodgy link and have given permission to a hijacker to directly access your device. They have then used that access to get into your RuneScape account.

If this has happened, having your Auth set to the 30 day setting has been to the hijackers advantage. If they are in your device and you have your Auth already verified for 30 days, they didn't need an Auth code!
I do not recommend Auth being set to the 30 day setting. Asking for an Auth code at every login might have stopped the hijacker in this situation.

Dodgy links are not obvious. If they were, they wouldn't be so successful at tricking people.

I recommend you review your device, email and account security by working through the instructions on the Security tips support page. Those instructions are very thorough.

Unfortunately Jagex does not replace items/gp stolen during a hijack. You have to take your account as you find it and move forward from there. Hijackers can do significant damage, even to the point of completely destroying an account.
Forum Community Helper -
Information about Moderators and Community Helpers

28-Feb-2023 23:18:12

The contents of this message have been hidden

06-Mar-2023 21:45:45

The contents of this message have been hidden

06-Mar-2023 22:39:02

Twillow
Aug
fmod Member
2005

Twillow

Forum Moderator Posts: 49,500 Sapphire Posts by user Forum Profile RuneMetrics Profile
@Pete Meatza: Your post has been hidden because it contains incorrect information. Please do not hijack other threads to express your frustration regarding your own situation.

@archerarchr: Your post has been hidden because it does not help the author with his situation.
@Twillow_RS

For W71 Penguin locations starting January 24, 2024: www.reddit.***/r/W71PenguinWhisperers or @pengwhisper

06-Mar-2023 22:49:44

The contents of this message have been hidden

06-Mar-2023 22:51:00

Quick find code: 408-409-84-66275590 Back to Top