Forums

Is getting hacked just normal?

Quick find code: 408-409-25-66107395

of 2
dark_laser30

dark_laser30

Posts: 6Bronze Posts by user Forum Profile RuneMetrics Profile
Hey everyone,

I am a returning player from over 15 years ago that could not remember his login details so I started fresh about a month ago and signed up as a member.

I logged on today, after not logging in yesterday, and my GP was at 0, and several of my items had been sold on the Grand Exchange.

I am an adult and have never logged in on a weird site or had someone ask for my password. I've literally just had it downloaded on my MacBook and I log on there. So the idea of me compromising my own account is next to 0.

Without having this happen before, it seems from reading I am supposed to just lose my items and GP and move on? Will support track my items and give it back? I can't possibly envision spending money on this game if it can be hacked so easy and the items won't be returned.

Any advice?

24-Jun-2019 23:51:08

Moneybucks
Nov Gold Premier Club Member 2018

Moneybucks

Posts: 7,835Rune Posts by user Forum Profile RuneMetrics Profile
Your underlying assertion that it's easy to get hacked is wrong. You start from a position of security by default, and your account only becomes compromised as a result of some action or mistake you made. It is, however, quite likely that you didn't realise you made it, as a lot of common scams and attack methodologies are quite mature, and effective simply because they're indistinguishable from the reall thing.

There are plenty of resources to help you protect your account - I recommend bank PIN and authenticator, the combination of which goes a significant distance to preventing a lot of common attacks. On top of this, make sure you're affording your email account as much protection as you do your Runescape (or any) account - if someone has your email compromised, they can do anything they like to recover your account, change its password, disable authenticator, etc.

Jagex don't return lost items as a result of being hacked - your account security is your responsibility. Suggest you read through this board, and some of the stickies (there's a good one in the General board), and read up a bit on common social engineering methodologies. And make good use of the various tools you have to secure your account, like MFA, bank PIN, password vault etc etc.
Moneybucks

25-Jun-2019 00:31:38

dark_laser30

dark_laser30

Posts: 6Bronze Posts by user Forum Profile RuneMetrics Profile
I appreciate the reply but have a problem with the notion that my account is 100% secure on the Jagex side and this still happened. I think that is a very easy thing to say and a harder thing to prove. I'm sure if I scoured the forums I would find other posters who have not entered their passwords anywhere else other than the game itself and have been taken advantage of. For my job, I handle very sensitive material frequently so I am well aware of how you can expose yourself to hacks and how to avoid them.

If it is the case that I am not returned my items, I am sure Jagex will just patch whatever was vulnerable in the future and no one will hear a thing.

Moneybucks said:
Your underlying assertion that it's easy to get hacked is wrong. You start from a position of security by default, and your account only becomes compromised as a result of some action or mistake you made. It is, however, quite likely that you didn't realise you made it, as a lot of common scams and attack methodologies are quite mature, and effective simply because they're indistinguishable from the reall thing.

There are plenty of resources to help you protect your account - I recommend bank PIN and authenticator, the combination of which goes a significant distance to preventing a lot of common attacks. On top of this, make sure you're affording your email account as much protection as you do your Runescape (or any) account - if someone has your email compromised, they can do anything they like to recover your account, change its password, disable authenticator, etc.

Jagex don't return lost items as a result of being hacked - your account security is your responsibility. Suggest you read through this board, and some of the stickies (there's a good one in the General board), and read up a bit on common social engineering methodologies. And make good use of the various tools you have to secure your account, like MFA, bank PIN, password vault etc etc.

25-Jun-2019 00:39:09

dark_laser30

dark_laser30

Posts: 6Bronze Posts by user Forum Profile RuneMetrics Profile
Furthermore, I just ran my monthly scan early and there are no signs of viruses, malware, key-loggers or anything of the sort. Furthermore not pointing to my end as I've never even received anything asking me to log in with this account.

25-Jun-2019 01:31:22

ToP BaSS
Apr Member 2009

ToP BaSS

Posts: 17,642Opal Posts by user Forum Profile RuneMetrics Profile
Did you have a unique account name?
Did you have a unique Password?
Did you have Authenticator?
Did you have a Bank Pin?
Did you have a 2 Step Email login?
Did you login to your account on anything other than your home network?
Did you download any client other than RS Official Client?
Did you scan your computer with Malwarebytes?
Did you follow any offsite link to log into RS?

25-Jun-2019 01:39:42 - Last edited on 25-Jun-2019 01:41:50 by ToP BaSS

dark_laser30

dark_laser30

Posts: 6Bronze Posts by user Forum Profile RuneMetrics Profile
Yes on unique name, and password. I did not utilize other security measures such as authenticator and bank pin as I was not being careless with my acct so I did not want to burden my playing experience.

I only used a single computer (MacBook) for logins and only on my home network. I have only ever used the RS Official client for playing.
I have scanned my computer twice just today for malware or keylogging with no results.

I wish there was a simple thing to point to in regards to how this happened. Sure I could have done more, but it's not like I was botting or buying GP.

ToP BaSS said:
Did you have a unique account name?
Did you have a unique Password?
Did you have Authenticator?
Did you have a Bank Pin?
Did you have a 2 Step Email login?
Did you login to your account on anything other than your home network?
Did you download any client other than RS Official Client?
Did you scan your computer with Malwarebytes?
Did you follow any offsite link to log into RS?

25-Jun-2019 02:29:51

Ladyolake
Jan Gold Premier Club Member 2008

Ladyolake

Posts: 3,931Adamant Posts by user Forum Profile RuneMetrics Profile
You really need 2f on your email an authenticator on your account.

In todays internet word, just clicking a link can sometimes give someone
total access to your computer and account.

A Bank Pin is a must.. it is such a secure piece of info even Jagex mods do
not have access to them and cannot even take them off an account early.

is getting hacked just the normal...no its not... I have many accounts, my
children (6) have many accounts, and my husband also.. No hijacks.

A person just guessing your password would be astronomical.

Not trying to put you down or anything but if it were Jagex not being secure
then thousands of people would be on here just raising hell.

people do not log in daily to say " oh hi, my account was secure when i logged
in and everything is fine"

Only when there is a problem do people hop onto community led account help.

And as for your items... yes you just have to rebuild, Jagex does not replace
items due to hijacks or scams.

Sorry all this had to happen.. I would suggest to take a deep breathe and then
try to figure out the weak link in your security and move on from there.

Lots of people here can help you if you just try to work thru all the "what ifs"
and "maybes" to try to figure out the problem

Best of luck

ladyolake
The richest person is not who has the most. It is who Needs the least.

25-Jun-2019 02:43:25

dark_laser30

dark_laser30

Posts: 6Bronze Posts by user Forum Profile RuneMetrics Profile
I appreciate the reply LadyOLake. The most frustrating thing is what everyone is saying above makes perfect sense. You are all right and my point is, none of it is really news to me.

I understand I could have added more security to my acct but as I was secure with my browsing activity I didn't really need to be too concerned I felt. I highly doubt my computer is hacked and the most valuable thing is my Runescape haha.

At this point, it is about 20m worth of GP that was taken from my counts. Although that isn't a ton for some people, that is what I had to spare after a month. I'm still not sure why they didn't clear out everything from my acct.

It seems something like simple GP should be incredibly easy to track and recover. It doesn't quite make sense why they wouldn't from a business standpoint.

25-Jun-2019 02:55:16

Ladyolake
Jan Gold Premier Club Member 2008

Ladyolake

Posts: 3,931Adamant Posts by user Forum Profile RuneMetrics Profile
Sometimes just clicking a link.. and not even putting info in is enough to
give someone control of your computer.

And to be honest if that happened all the security in the world may not
have helped you.

Jagex can track the gp but lets put it like this. A scenario... the person
purchased a staff of sliske with your gps. They then sold it for 3 mil cheaper
to someone else. So now if your gps are taken from the person who bought
the staff cheaper than normal who is completly innocent.... How is that
fair to that person.

Jagex had in the past for a short time gave items back.. only to find when they
did it people got even more lax on security and people lied about getting hijacked
or had friends in far off places just get their items so that they could get the
items back too. And just to reproduce items and gp would demolish the economy
worse than it is.
The richest person is not who has the most. It is who Needs the least.

25-Jun-2019 03:10:51

ToP BaSS
Apr Member 2009

ToP BaSS

Posts: 17,642Opal Posts by user Forum Profile RuneMetrics Profile
dark_laser30 said:

It seems something like simple GP should be incredibly easy to track and recover. It doesn't quite make sense why they wouldn't from a business standpoint.


Your GP may have been used to purchase items from other players for instance. It would not be fair if the other players were penalised with a loss if Jagex were to take back the GP.

The "business standpoint" is common sense. If it were so easy for players to regain lost or stolen items and GP then there would be no incentive to keep a secure account. it would also tempt some to manufacture hijackings to their gain and benefit.

You agreed to the following...
Your account and license
You are responsible for the activities of all persons who use your password to gain access to your account.

No matter which way you cut it your account was accessed by use of your account name, password, the access aided by lack of bank pin and authenticator. How exactly is unknown but you really need to trace where your lack of security lies.

25-Jun-2019 03:14:32

Quick find code: 408-409-25-66107395Back to Top