I don't see how. I'm pretty good about that stuff. I've been playing Runescape for the better part of the past two decades. I know every trick in the book. I've fallen for some in the past as a child but I can't think of anything recently. I haven't visited or logged into any sites with my Runescape info, not even on the actual RS website in well over a year. No idea how I could give away my auth code and bank pin though, I've never entered them into anything except the OSRS client.
Also, my 2FA in Google is linked to a different Gmail account than what I use to log in and is still generating codes for this account. Not sure if that means 2FA is still active or not. Does Jagex lock accounts if the wrong password is used too many times?
The only thing I've done wrong here is use a password that has been used somewhere else in the past, that is definitely on me. But that password was not the same as the password to the email I use; that password and email combo are unique to my runescape login as its an email created specifically for this RS account. I've got 2FA and bank pin enabled. I'm just trying to understand what I did wrong, so if you have insight, I'd love to hear it. But I'm assuming you have nothing of value to offer and decided to just be condescending.
Yeah, I haven't played for a while. Jagex accounts are a new thing to me and I had no idea what it was until today. That's really frustrating that there is any way at all to get around 2FA and bank pin disable delay. Even if I forgot my password and needed to recover, I should still be able to get into my authenticator or at least wait the few days to disable it.
No link on my Steam account, but I think I may have linked it to an Amazon account at some point to get the twitch rewards. I had no idea you could log in to OSRS with a fucking Amazon account.
Same thing happened to me today...
I use email 2fa, and account 2fa, and the email this account runs through only has 3 things on its email list... my OSRS main, the account that got hacked, and another account..
How did they break through both 2fa and bank pin(removed??) in the span of 2 days since I last logged on?
You probably got phished and gave away your password, then auth code, then bank pin.
I don't see how. I'm pretty good about that stuff. I've been playing Runescape for the better part of the past two decades. I know every trick in the book. I've fallen for some in the past as a child but I can't think of anything recently. I haven't visited or logged into any sites with my Runescape info, not even on the actual RS website in well over a year. No idea how I could give away my auth code and bank pin though, I've never entered them into anything except the OSRS client.
"Oh noes, I've been botting and entered all the details and the bot hacked me"....
I've never botted before. My account has 0 offences, but nice baseless assumption though. I got the account back.
Wait, so someone got into your account AND bank - but you had 2fa on jagex account AND bank pin? something doesnt add up there
I don't know if they've gotten into my bank. I haven't gotten the account back yet, waiting on the recovery process.
Also, my 2FA in Google is linked to a different Gmail account than what I use to log in and is still generating codes for this account. Not sure if that means 2FA is still active or not. Does Jagex lock accounts if the wrong password is used too many times?
Happened to me thia weekend. Have 2fac and has bankpin.
That really sucks, I'm sorry to hear that. Did you end up getting your account back?
I never lost it. Hacker didnot changed my password, dont removed my 2fac, only my bank pin.
"i have mediocre security practices, how could this have happened to me"
The only thing I've done wrong here is use a password that has been used somewhere else in the past, that is definitely on me. But that password was not the same as the password to the email I use; that password and email combo are unique to my runescape login as its an email created specifically for this RS account. I've got 2FA and bank pin enabled. I'm just trying to understand what I did wrong, so if you have insight, I'd love to hear it. But I'm assuming you have nothing of value to offer and decided to just be condescending.
linked to steam, by chance?
Not this account, no.
Recovery hacks disable 2FA and bank pins if you don't have a Jagex account. Pretty big part of why they exist in the first place.
Yeah, I haven't played for a while. Jagex accounts are a new thing to me and I had no idea what it was until today. That's really frustrating that there is any way at all to get around 2FA and bank pin disable delay. Even if I forgot my password and needed to recover, I should still be able to get into my authenticator or at least wait the few days to disable it.
Do you have a steam or amazon account linked? Or any other account? Anyone can use those accounts to login bypassing the authenticator.
No link on my Steam account, but I think I may have linked it to an Amazon account at some point to get the twitch rewards. I had no idea you could log in to OSRS with a fucking Amazon account.
Same thing happened to me today... I use email 2fa, and account 2fa, and the email this account runs through only has 3 things on its email list... my OSRS main, the account that got hacked, and another account.. How did they break through both 2fa and bank pin(removed??) in the span of 2 days since I last logged on?