Forums

Account Hacked, impossible

Quick find code: 408-409-586-66101389

Sentoquest
May Member 2019

Sentoquest

Posts: 276Silver Posts by user Forum Profile RuneMetrics Profile
Hey guys,

Just looking for an insight more than a resolution.

I created a new account 2 days ago and purchased one old school Runescape bond for my account. Last night, that account was hacked and my money taken.

Now, I didn't have an authenticator set up nor a pin set (takes 7 days) because I'd only just set up the account and I've never been hacked in 15 years of playing Runescape.

Between creating the account and being hacked, I only entered the username once and then saved it. No key logger could have found that account name out through my entering it, though obviously you do have to enter a password each time on desktop.

I haven't been on any websites with suspicious malware on, nor downloaded anything, or anything similar. In addition, why would a new account be targeted as it would usually have very little on it?

I know I won't get the money back - I've set up an authenticator now and changed my password, that's fine. However, I am looking for someone who might have an explanation about how this hack was achieved? I want to know what to avoid in the future since I've avoided ANYTHING that I know of that could allow someone to hack the account.

I have never been hacked on anything ever in 20 years. It's so strange that I make a new Runescape account and spend money on buying gold from Jagex (BONDS) and get hacked within 24 hours. So, has there been a leak of information at Jagex? Either regarding who has purchased bonds or their account information, or similar?

My account name is known to only me and has only been entered into the OSRS client ONCE and then saved when I first logged in. How could someone, even getting my password through malware somehow, log in without those details? I want to know what to look out for for the future.

Many thanks,
Ben

19-May-2019 08:03:40

ToP BaSS
Apr Member 2009

ToP BaSS

Posts: 17,545Opal Posts by user Forum Profile RuneMetrics Profile
Sentoquest said:
I only entered the username once and then saved it. No key logger could have found that account name out through my entering it

Where did you save it?
Why could "No key logger could have found that account name"

Did you use any third party programs such as RSBuddy - OSBuddy?

Have you scanned your computer with Malwarbytes?

19-May-2019 08:30:02

Malua
May Member 2006

Malua

Posts: 31,850Sapphire Posts by user Forum Profile RuneMetrics Profile
Hi there
SentSent


In the past two days did you view any Runescape related Twitch streams, Youtube videos or go to any Runescape related Facebook pages?
Did you see any freebie offers e.g. giveaways, quitting giveaways, double exp signups?

Did you log in to Runescape via the official client or via a third part client?

It sounds to me like your login/password have been harvested either through a click on a dodgy link or via a third party program.
You don't have to have actually entered your login/password in, just clicking on the link is sufficient to allow access to your computer and ip address.

Examine your browser history over the past two days.
Do a review of your computer security: Securing your computer
Forum Community Helper -
Information about the Community Helper Team

19-May-2019 08:31:18

Sentoquest
May Member 2019

Sentoquest

Posts: 276Silver Posts by user Forum Profile RuneMetrics Profile
Hello,

Thanks for the helpful responses. I only use the original OSRS client from Jagex directly. I haven't watched and youtube videos, facebook videos nor clicked any links on any websites.

The only thing I can think of is I went on runehq.com because that used to be a good website for quest guides, but instantly realised before clicking on anything or following any links to guides, that this wasn't the same clean website that it used to be and clicked off immediately. I guess it must have been that, though I have never come across malware that can just download straight onto your PC by visiting the front page of a website from a Google search. I have also scanned my PC fully and found nothing.

Any other possible ideas? It's got me stumped and want to know if there's other things to avoid in the future, both for RS and for my other cyber security (I've now added the auth to RS to that's secure)

20-May-2019 11:57:01

Archaeox
Dec Gold Premier Club Member 2011

Archaeox

Posts: 46,881Sapphire Posts by user Forum Profile RuneMetrics Profile
Sentoquest said:
I guess it must have been that, though I have never come across malware that can just download straight onto your PC by visiting the front page of a website from a Google search.

Sadly 'drive-by' malware of this sort is entirely possible, and is often distributed through infected banner advertisements. Just opening the web page causes the script to run.

This is why a script blocking addon like NoScript for Firefox or Chrome (
https://noscript.net/
) is an essential security feature for browsing the web today.

~~~~ Just another victim of the ambient morality ~~~~
~~ Founder of the Caped Carousers quest cape clan ~~

20-May-2019 12:51:11 - Last edited on 20-May-2019 12:53:44 by Archaeox

EndingVII
Dec Gold Premier Club Member 2018

EndingVII

Posts: 34Bronze Posts by user Forum Profile RuneMetrics Profile
Can any Jagex mod help and look into my account please I think ive been hijack but I changed my password email and runescape after finding out that the "fake live stream" event at Twitch was fake. They had a video of jagex mods sitting with each other and a saying click here for dxp for 3 days. Sent me into a fake runescape website which look exactly alike. Ask for my email password which was already auto type in and my Authentication. Pls Jagex look into my account and this issues asap cuz many viewers for that stream. the stream stop after giving my information, but it was @May 20 around 11:30 am. Please look into my account and the issues so it wont happen too anyone else. It had 1000 viewers !!! not sure if it was real

20-May-2019 17:18:15

Quick find code: 408-409-586-66101389Back to Top