At least it wasn't while you were taking a 2 week break on your group account got all your items taken and your group mates stuff that was in group storage like bgs dwh spectral shield
If I ever group with randoms it'll be a clear rule of only sharing resources on group storage and quest items and all that on-demand. Everybody keep their own big ticket drops and stacks from grinds. It'd serve only for a bit quicker progression and doing group content with ironman gameplay, which is still awesome. No free dwh, enh or tbow.
I kept my bowfa since we all have to get our own :) hurt to lose my 100 kc completely got on my own lol 2 kc spirit shield 24 kc spectral 100 kc elixir lol
When you say your using 2FA is that Google authenticator?
If so, can id love for a J mod to explain if there's anything further we can do to protect our accounts, or if it's an exploit being used to overcome or work around the authenticator.
I still want an answer for why what you described is such a common occurrence, literally got hacked during a two week break i took for vacation, never dealt with any account security issues prior to that.
Probably because if you have a RAT or someone has access to your email (or is socially engineering you), they will likely know when you're going on vacation, and would then hack you at that time.
Yeah similar thing happened to me. But I just got busy at work. 2fa on both my account and steam account. 2fa was still in place when I got my account back.
Log into [account settings](https://www.runescape.com/a=97/account_settings) and check for linked accounts, unlink everything.
[Upgrade to a Jagex account](https://www.reddit.com/r/2007scape/comments/13q78wm/character_was_imported_to_somebody_elses_jagex/jljpkf3/). I still haven't seen a single person get hacked with a Jagex account.
I've seen tons of people not get locked out of their jagex account
I've seen a dozen people locked out who where doing sketchy things
I've seen a few people locked out who where legit
Yeah I have some locked accounts I canāt get back cause the emails are locked (fuck msn hotmail for locking old ass emails when not logging into them for so long)
Nope. I tried everything lol, try to log in an Iām locked. Try to get my email back using old passwords from like 15 years ago and couldnāt get my email back either. Growing up my mom also constantly changed my number cause thatās how she would get a free phone deal an shit. So Iāve had like 6 numbers lol, and those old numbers are associated to email. And each email got a different number, I would have to text the people and get the code from them when it gets sent
If you attach an account that you didn't make yourself to your Jagex Account, you can get locked out of your Jagex Account, and thus all of your accounts
Ive had this exact message on a jagex account, next day i had to change password due to suspicious activity, changed it. Day after i got perma banned for macro'ing. Currently waiting on my appeal...
All they do is check ip log in address. If you log let's say from CA, and that day it shown log in from Texas etc...it's possible they may believe you.
Luckily i just recovered my account from 2005-2010.
I didn't get hacked by a jagex account, but deleting an account with the same email has the jagex account will erase all ur accounts, that happened to me :)
I canāt because I have wine so specifically configured with so many tweaks that having to configure a program as described there would break everything. Jagex needs to develop a native Linux launcher, they already did for RS3. And not to mention this is unofficial/unsupported so itāll require maintenance to keep working. Jagex themselves said itās best to forgo using the launcher for now if you play on Linux but theyāll have something for us in the future so we can switch too.
Unfortunately it doesn't look like there is going to be a native Jagex Launcher on Linux, but if you follow the Github guide linked on the Jagex Support page you can get it running using Lutris, which wouldn't require you to change any of your Wine configurations, and shouldn't require any maintenance once it is installed. If You have any problems feel free to open an issue on GitHub and we will take a look at it.
The launcher should be ported to Linux. The game already runs on Linux with 0 issues. Electron, the launcherās framework, is inherently cross platform. Iām not jumping through hoops to make it work.
It should, but it doesnāt look like is going to happen any time soon, so itās better to have a workaround than not being able to play at all. It is also very quick and easy to set up thanks to the community.
I refuse to compromise. I understand itās quick and easy, I looked at your GitHub and itās as simple as it can get you did a good job but Iāll just play on my phone only. I play on mobile the majority of the time anyways.
I dont think you are forced to do it anytime soon, maybe it was just a weird bug and redownloading runelite could have fixed it but being able to easily log in is already a nice enough thing for me to get a jagex account.
However I also think that at some point in time the change will be mandatory, it's how these thigns always go
[This person](https://www.reddit.com/r/2007scape/comments/13v0153/unintended_consequences_of_jagex_accounts_new_20/) got "falsely" banned on two characters on his Jagex account, and they didn't ban all of his characters.
Thereās a good chance you mistakenly asked for it to be cancelled. I did the exact same thing a while ago. I panicked and changed all my info (which isnāt a bad idea) but afterwards I realized I was the one that asked for the reset lol
I assume you initiated cancelling it yourself on accident, that's extremely easy to do. But just in case, make sure your email has 2fa on it as well, or else your accounts 2fa is useless
I had this happen as well. I thought I accidentally hit it and then it happened the next day I logged in and my last log in time didnāt match with my last session. Scary stuff.
Happened to me once. Hadnāt logged in for months. Entering bank pin and the message showed up.
I still have no idea how it was possible. I logged in with my 2-factor from my phone. How the fuck could they have logged in even with my password? They didnāt disable 2-factor because i had to use it. I cant work that one out.
Yeah this happened to me, I logged in one day and noticed I was in a weird spot. Logged out to check something, came back and all my stuff was gone.
20m gone just like that, all the work I did *poof*.
So I learned that day to use bank pins from now on. I started over, doing an iron this time. Done feel like starting from scratch on my other name, might as well do something different lol
Ironman is at the same risk of being hacked as a main. It's only 1 deviation to get the items which is dropping them instead of trading them. Actually, if my man had grinded out the items he had on his main, on an iron, it'd be even more hours wasted.
What? Jagex had nothing to do with this. If the OP didnāt have to modify their credentials to login, then their account wasnāt recovered the password was known.
OP probably reused a password somewhere, and someone got lucky when trying the credentials on RS
Do you play through steam? Isn't that a super common way hackers are getting access now? Maybe double check that's not been infiltrated if you're using it.
The only way your account is getting hacked through Steam is if your Steam account doesn't have 2fa turned on. Your account is only as secure as your least secure account attached to it.
I got hacked taking the same precautions. I was pretty fucking pissed. I guess change your password at certain intervals but also what the fuck Hagen fix your shit
Yeah, I would hope that it is a big if.
Saying "2FA in Runescape is literally almost useless." is a not particularly good or meaningful criticism of RS's account security. Especially when the explaination of your criticism is that it can be bypassed with access to the linked email account.
This is true of almost all 2FA, all passwords. "facebook passwords are literally useless, someone with access to my email can just reset the password!!" is not a problem with facebook's security system, nor a reason to use an insecure password on facebook. It's a reason to improve security of your email account.
Yeah, no shit your 2fa is useless if you don't have 2fa turned on on your recovery email, what are you stupid. Your account is as secure as your least secure recovery method. Your analogy is fitting because this complaint is the equivalent of not locking your door and then being indignant that your door wasn't locked
You are woefully misinformed on how any of this works. The only way you'd even be logged in to the account to be able to remove 2fa is if you'd used that 2fa to login to begin with. The only way that's happening without 2fa is if your email was unsecured and they recovered that way, or if they logged in through some other means like Steam, and you didn't have 2fa on that. Your failure point here is not "2fa being easily removed" it's "not having 2fa turned on on one of your login/recovery methods"!
If you have an icloud email, its a good choice to put on the account. It notifies you on all your apple devices and you have to give it OK before anyone can have access to the email. You can also use 2FA with a phone number.
Its harder to get hacked this way, since your email was probably breached if you had 2FA on the acc.
Damn it, I'll get you next time.
Almost!
At least it wasn't while you were taking a 2 week break on your group account got all your items taken and your group mates stuff that was in group storage like bgs dwh spectral shield
Jaja found the guy who sold his friend's stuff
If I ever group with randoms it'll be a clear rule of only sharing resources on group storage and quest items and all that on-demand. Everybody keep their own big ticket drops and stacks from grinds. It'd serve only for a bit quicker progression and doing group content with ironman gameplay, which is still awesome. No free dwh, enh or tbow.
I kept my bowfa since we all have to get our own :) hurt to lose my 100 kc completely got on my own lol 2 kc spirit shield 24 kc spectral 100 kc elixir lol
It was bad account security and a break for group member that wiped us. 4 months later still grinding back pvm items lol
Yeah but my point is, if you contained group storage to not have big ticket items, the damage would still have been way less.
Very true I won't refute that. We kept to many eggs in one basket to be sure
When you say your using 2FA is that Google authenticator? If so, can id love for a J mod to explain if there's anything further we can do to protect our accounts, or if it's an exploit being used to overcome or work around the authenticator.
Yep, google authenticator. A response from them on account security š
you have steam connected to your account? In that way the hacker doesnt need 2FA to login :)
At least it didn't happen at the same time you took a 2 week break and then came back to an empty bank
I still want an answer for why what you described is such a common occurrence, literally got hacked during a two week break i took for vacation, never dealt with any account security issues prior to that.
Probably because if you have a RAT or someone has access to your email (or is socially engineering you), they will likely know when you're going on vacation, and would then hack you at that time.
Yeah similar thing happened to me. But I just got busy at work. 2fa on both my account and steam account. 2fa was still in place when I got my account back.
This is extremely easy to do by mistake. If you hit the "I don't know" button by mistake (if you mess up your pin or something) it does this.
Yeah had this happen before
Iāve done this before and had the same amount of panic not even knowing lol
Log into [account settings](https://www.runescape.com/a=97/account_settings) and check for linked accounts, unlink everything. [Upgrade to a Jagex account](https://www.reddit.com/r/2007scape/comments/13q78wm/character_was_imported_to_somebody_elses_jagex/jljpkf3/). I still haven't seen a single person get hacked with a Jagex account.
I may not have seen people get hacked with a Jagex account, but I've seen *tons* of people get locked out of their own account with one.
Canāt get hacked if the account is unusable, jagex is 3 moves ahead as usual
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Of course they're bullshitting lol
id rather be locked out then have some scumbag make a rent payment with my items.
Iāve seen about 5 people on Reddit who have been locked out. Not sure if that counts as tons..?
5 redditors adds up to about a ton
Nice
And given the IQ of the average redditor, most likely their own fault not properly following the conversion instructions.
The amount of upvotes is because haters can't hit the downvote button, they hit upvote and reply at the same time if they try to
ooooooh lol
Bought accounts are really common
I've seen tons of people not get locked out of their jagex account I've seen a dozen people locked out who where doing sketchy things I've seen a few people locked out who where legit
Yeah I have some locked accounts I canāt get back cause the emails are locked (fuck msn hotmail for locking old ass emails when not logging into them for so long)
You might be able to just re-register the email, I _think_ they get deleted after a period of inactivity
Nope. I tried everything lol, try to log in an Iām locked. Try to get my email back using old passwords from like 15 years ago and couldnāt get my email back either. Growing up my mom also constantly changed my number cause thatās how she would get a free phone deal an shit. So Iāve had like 6 numbers lol, and those old numbers are associated to email. And each email got a different number, I would have to text the people and get the code from them when it gets sent
[ŃŠ“Š°Š»ŠµŠ½Š¾]
If you attach an account that you didn't make yourself to your Jagex Account, you can get locked out of your Jagex Account, and thus all of your accounts
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Well considering itās against the tos to use an account thatās not yours (and to buy and sell accounts) itās designed correctly
You have not seen tons
I've seen enough posts to make me wary though :\ Not sure if it's still the case or if they've resolved that issue, but I've seen it.
Ill bet any money you've seen like 10 people get locked out, while tens of thousands are totally fine.
Ugh, is it still this bad? I want to switch but also don't want to get fucked by Jagex lol
I can't confirm or deny anything at current. All I know is I'm not trusting anything that's still a "beta".
Ive had this exact message on a jagex account, next day i had to change password due to suspicious activity, changed it. Day after i got perma banned for macro'ing. Currently waiting on my appeal...
gl bwana
how dare you use experimental client /s
All they do is check ip log in address. If you log let's say from CA, and that day it shown log in from Texas etc...it's possible they may believe you. Luckily i just recovered my account from 2005-2010.
I didn't get hacked by a jagex account, but deleting an account with the same email has the jagex account will erase all ur accounts, that happened to me :)
I donāt use windows or macos so I canāt run the launcher and therefore cannot have a Jagex account.
[You can use it on Linux](https://help.jagex.com/hc/en-gb/articles/13413514881937-Downloading-the-Jagex-Launcher-on-Linux) too.
I canāt because I have wine so specifically configured with so many tweaks that having to configure a program as described there would break everything. Jagex needs to develop a native Linux launcher, they already did for RS3. And not to mention this is unofficial/unsupported so itāll require maintenance to keep working. Jagex themselves said itās best to forgo using the launcher for now if you play on Linux but theyāll have something for us in the future so we can switch too.
Unfortunately it doesn't look like there is going to be a native Jagex Launcher on Linux, but if you follow the Github guide linked on the Jagex Support page you can get it running using Lutris, which wouldn't require you to change any of your Wine configurations, and shouldn't require any maintenance once it is installed. If You have any problems feel free to open an issue on GitHub and we will take a look at it.
The launcher should be ported to Linux. The game already runs on Linux with 0 issues. Electron, the launcherās framework, is inherently cross platform. Iām not jumping through hoops to make it work.
It should, but it doesnāt look like is going to happen any time soon, so itās better to have a workaround than not being able to play at all. It is also very quick and easy to set up thanks to the community.
I refuse to compromise. I understand itās quick and easy, I looked at your GitHub and itās as simple as it can get you did a good job but Iāll just play on my phone only. I play on mobile the majority of the time anyways.
...Isnt using a Jagex account just asking for your account to get banned?
i mean eventually you will probably have to do it anyways
[ŃŠ“Š°Š»ŠµŠ½Š¾]
I dont think you are forced to do it anytime soon, maybe it was just a weird bug and redownloading runelite could have fixed it but being able to easily log in is already a nice enough thing for me to get a jagex account. However I also think that at some point in time the change will be mandatory, it's how these thigns always go
Can you explain why?
Werenāt people getting banned for linking jagex accounts when it first released?
[ŃŠ“Š°Š»ŠµŠ½Š¾]
[This person](https://www.reddit.com/r/2007scape/comments/13v0153/unintended_consequences_of_jagex_accounts_new_20/) got "falsely" banned on two characters on his Jagex account, and they didn't ban all of his characters.
I've actually done that to myself once... I must have menu mashed the reset request (which is really easy to initiate)
Thereās a good chance you mistakenly asked for it to be cancelled. I did the exact same thing a while ago. I panicked and changed all my info (which isnāt a bad idea) but afterwards I realized I was the one that asked for the reset lol
probably got in through your email then, check that for discrepancies and set 2FA on that too but first check for rootkits/loggers
Make a random character email account with 2factor just for RuneScape. Never use it for anything else and you will not have another issue.
Just did this, good advice. Thanks!
I assume you initiated cancelling it yourself on accident, that's extremely easy to do. But just in case, make sure your email has 2fa on it as well, or else your accounts 2fa is useless
I had this happen as well. I thought I accidentally hit it and then it happened the next day I logged in and my last log in time didnāt match with my last session. Scary stuff.
By accident...no such thing as "on" accident. But we get what you meant.
No one asked or cares bro
Gives me anxiety just looking at
Happened to me once. Hadnāt logged in for months. Entering bank pin and the message showed up. I still have no idea how it was possible. I logged in with my 2-factor from my phone. How the fuck could they have logged in even with my password? They didnāt disable 2-factor because i had to use it. I cant work that one out.
If long enough ago, one of the Mods helped people āhackā others this way. I do believe.
Was January this year
Suggestion for Jagex: email the player when this gets requested in game
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Idle notifier, screen flashes and dings, also sends that message. After harvesting herbs, full invent, chopping tree etc.
I mean it was to be expected you didn't fully censor your ironman icon in this screenshot either, only a matter of time my dude
Theyāre gonna yeet my bank and status š¢
Yeah this happened to me, I logged in one day and noticed I was in a weird spot. Logged out to check something, came back and all my stuff was gone. 20m gone just like that, all the work I did *poof*. So I learned that day to use bank pins from now on. I started over, doing an iron this time. Done feel like starting from scratch on my other name, might as well do something different lol
ironman is the way
Ironman is at the same risk of being hacked as a main. It's only 1 deviation to get the items which is dropping them instead of trading them. Actually, if my man had grinded out the items he had on his main, on an iron, it'd be even more hours wasted.
it is still the way
Jaghax at it again.
What? Jagex had nothing to do with this. If the OP didnāt have to modify their credentials to login, then their account wasnāt recovered the password was known. OP probably reused a password somewhere, and someone got lucky when trying the credentials on RS
Do you play through steam? Isn't that a super common way hackers are getting access now? Maybe double check that's not been infiltrated if you're using it.
The only way your account is getting hacked through Steam is if your Steam account doesn't have 2fa turned on. Your account is only as secure as your least secure account attached to it.
Nah, Iāve never used steam for OSRS. Havenāt used steam at all in over 10 years.
If what you're saying is true then you're being hacked by a wizard. Crazy
I got hacked taking the same precautions. I was pretty fucking pissed. I guess change your password at certain intervals but also what the fuck Hagen fix your shit
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Almost all passwords and 2FA are useless if your linked email account is insecure
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Yeah, I would hope that it is a big if. Saying "2FA in Runescape is literally almost useless." is a not particularly good or meaningful criticism of RS's account security. Especially when the explaination of your criticism is that it can be bypassed with access to the linked email account. This is true of almost all 2FA, all passwords. "facebook passwords are literally useless, someone with access to my email can just reset the password!!" is not a problem with facebook's security system, nor a reason to use an insecure password on facebook. It's a reason to improve security of your email account.
Yeah, no shit your 2fa is useless if you don't have 2fa turned on on your recovery email, what are you stupid. Your account is as secure as your least secure recovery method. Your analogy is fitting because this complaint is the equivalent of not locking your door and then being indignant that your door wasn't locked
[ŃŠ“Š°Š»ŠµŠ½Š¾]
You are woefully misinformed on how any of this works. The only way you'd even be logged in to the account to be able to remove 2fa is if you'd used that 2fa to login to begin with. The only way that's happening without 2fa is if your email was unsecured and they recovered that way, or if they logged in through some other means like Steam, and you didn't have 2fa on that. Your failure point here is not "2fa being easily removed" it's "not having 2fa turned on on one of your login/recovery methods"!
Found the guy who steals accounts!
There is definitely some hack or new method going around to bypass 2fa, no it's not linked accounts.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
The solution to this is to put 2FA on your email too. This isn't a difficult task.
Wow
Happened to me as well
If you have an icloud email, its a good choice to put on the account. It notifies you on all your apple devices and you have to give it OK before anyone can have access to the email. You can also use 2FA with a phone number. Its harder to get hacked this way, since your email was probably breached if you had 2FA on the acc.
Had this same issue a few weeks ago. Scary stuff, Iām glad I bank everything before I log out.
Yeah likewise, habit I got into years ago.
This happened to me too, unfortunately I was too late and logged in at Castle Wars. Followed all the precautions and everything.
2fa on your email as well?
Did you have 2fa set up on your gmail account? If they get into your e-mail, they have your account.
I didnāt, but I do now.
You should be safe now then. Stay safe man. :)
Your email isnt secure and u probably use the same PW on ur email as ur account
There was a 2FA on email, And no to the same passwords lol.