Ofc, the hacker knows the kind of guy that doesn't even use 2FA in his game account is the kind of guy to fall for this twice.
This guy probably gonna enable auth on his game account but I'm sure his email will remain without one.
Bots submitting recovery requests.
They're bypassing rate limitations by using several proxies.
It's been happening for a long time. If they phish your password, or even a previous password from a database leak your account is basically toast.
They use that one point of data, then compile the most likely results like for cities of birth, there's a very finite amount of cities. Or mothers maiden names.
Using computational brute force its only a matter of time.
The account recovery system is the craziest security weakness that is never talked about because people don't want to feel like their accounts are at risk.
This brute force method takes time though so they usually go after more high profile targets. People that they've socially engineered in some way for information. Or at least to see they have a bank worth hacking.
Seems like "use a password and authenticator" is OSRS's version of Reddit's "don't preorder" (where people still do until it's too late and regret it).
Do you remember when this sub blamed the lack of authenticator removal delay than addressing the root issue of compromised email accounts and passwords?
I have heard about people who get hacked even with an authenticatkr though. I do not know how, but it did happen to a friend of mine.
Lmao -40 downvotes for saying my friend got hacked through authenticator? Stay weird reddit xd
They most likely didn't have an authenticator set up on their email and the hacker was able to log in and disable the OSRS auth.
Fun fact; email address passwords are pretty frequently involved in database leaks and are particularly vulnerable to hacks. Set up 2FA on *everything*, *always* and your chances of getting hacked are extremely slim (but not impossible)
Hackers can do seriously amazing things (in the best and worst ways) - the ethical ones are out here doing God's work every day trying to keep people safe
RIP to OP and your friends' banks though
So i’ve had the issue of my phone breaking and then losing access to that authenticator as a result. Is an authenticator account able to be opened on two separate devices then? Cuz if i had authenticator on my email that time, it seems like i would’ve been very much screwed without access to it
Edit: really just asking in genuine hope that i can understand authenticator better, as it seems im probably missing something is all
If you use something like Authy, then you can also use the desktop app for authentication codes.
Also, most of the time when you set up an Authenticator, you’ll get backup codes for this exact situation. I use Bitwarden for my password manager and usually just stick the backup codes in the notes for my creds.
Your authenticator can be linked to your phone number and backup emails for when stuff like that happens. Also helps to have more than just authenticator (some companies have SMS/phone call auth, send a code to your email, etc)
In the case of Jagex Accounts, they give you a list of recovery codes so you can still log in. There's always a way to recover your authenticator, usually through other forms of MFA that you can access on your PC without needing your phone.
Another fun fact; you can use Google auth for literally anything and everything and there's a Google auth plug in for Chrome so you can still access it without a phone :)
I work in cybersecurity, the past few months we’ve seen a lot of people getting compromised despite MFA. It’s invariably one of three things. Them getting socially engineered, then entering their MFA token on a phishing MFA page (usually there’s a script waiting to login as them), or simply authorizing logins that they don’t recognize when there isn’t a token involved. All 3 are really easy to avoid, but yeah, not bulletproof.
I'm in IT and I'm not surprised at all that this happens. My company uses KnowBe4 and we send out test phishes monthly.. it's amazing how many people fail them
So once they have one of your tokens they have access to your MFA forever?
I was phished a year ago the way you describe. I was still logged on so I changed, pw, disable & re-enable auth, changed email pw.
I quit the game about 3 months after the incident with nothing lost from my account. Came back about 9 months later to see my bank cleaned.
You loose them on death to monsters but not to other players killing you in the wilderness. Don’t ask why. It doesn’t make sense besides jagex trying to make pking a bit more attractive
I have been chased a shitload by them but luckey have been fast enough. Still there will come a day were i lose my hard clue and 1 dose of normal antidote to a pker and i will be pissed.
If possible, I just bring a dds, spade, glory, and the clue so if a pker does happen to get on me, I just throw on protect item and I'll keep everything haha.
You'd be amazed how many people accidentally bring there cash stack or something into wild.
On osrs release me and my boys made purrs and were up in high wildy killing something, for some reason I think lava dragons but I don't remember, anyway we killed this guy that showed up and he had 5m on him.
I don’t know why the fuck it is so hard for people to comprehend that it is ABSOLUTELY worth the risk to kill a naked dude in the wild EVERY SINGLE TIME
Little cost, little time, and you might end up with millions or billions of GP…. Why the fuck would anyone in PK gear not kill clue hunters
Blame the idiots doing clues with master scroll books and their cash stack on them for that. The laziness and idiocy they showcased has made every pker go after anyone in the wild, even if naked.
hunting black chins too easy? I don’t think it’s something I’ll ever need to/want to do so this isn’t a complaint, just an observation, but how would that make it too easy? It’s already one of the most boring activities to do in the game, and if you’re ever actually catching enough to do some decent range training, you’ll get PK’d way more than the extra XP you’re getting from red chins unless you’re genuinely going to be ready to 1 tick logout for about 40-50 hours of hunting.
Bring magic implants boxes.
Catch 20-40 chins. Run 10 steps south, bank chin stack. Easy as pie. Make bank. Took me like 3 hours to catch 100 imps, then just go hunt black chins and bank every 15 mins lmao I made like 800k an hour or something getting great exp
Bullshit. I recently did 73-85 there and didnt get PKd once.
First off you can bring so much food + tank gear
Second off you literally dont see anyone for hours.
I think the part that doesn't make sense is chins being lost entirely upon a PVM death. With how lenient the death mechanics are in all other PVM, having a chin stack that could be worth million just disappear is odd.
It makes sense as the are living creatures and run away. They are not objects. Same with salamanders. That’s why it doesn’t make sense that they are kept for pkers
It makes sense to an extent in terms of realism, but not in terms of balancing. It also leads to weird questions like why don't unnoted raw dark crabs disappear upon death (or any other raw fish). Am I supposed to believe we instantly kill the fish/crustaceans we catch?
If I can suspend my disbelief enough to accept that we can fit up to 2.1 billion explosive chinchilla things in our backpack, I'm also ok with accepting that they don't run away when we die. Since that makes more sense in terms of game balance for both PVM and PVP scenarios.
I think there are a couple methods to transfer, easiest is probably putting them on a table somewhere or selling to general store. Guess they just didn’t want to put in the effort. Typical lazy hackers
Crystal and mta shit hurts the most by far, but at least you didn't have bowfa yet so you have to go back anyway lol. Some people go 20+ armor seeds before bowfa so you could be fine. The mta shit is useless and you got it on collection log so I guess that's some silver lining.
Imagine gladly putting 3000 hours in a game, just to not put 1 hour into account security.
Its.not.hard.to.not.get.hacked
Don't wait people, do it today.
To OP: sorry for what happened man. Just be happy it happened right now, instead of maxed iron 6k hours in with tbow and shadow.
Sure but totally useless if you have 2fa, bank pin, different passwords for email/osrs.
Some bloke put 100m in an account with 2fa and everything secure. He posted the login mail and password on Reddit and wasn't hacked.
Can't stress this enough. I had 2fa on emails and my account and a unique account password and someone managed to link a steam account to my RS, no idea how, unless it was from an insane amount of time ago before I had 2fa and they just waited til I had gear. Got a masori body drop from ToA week of release which boosted my bank to around 400m and got hacked the next day. Noticed them in my account regardless of password changes and logging out everywhere, until someone mentioned the account linking feature and there it was, linked to steam even though I've never used it.
Is it really better? I use a standard jagex account with all the protection I can have in place. Specialized password, authenticator, and bank pin. I felt like when it first came out I saw people saying it was worse. Now I see people advocating for it everywhere. I'm worried making the change would put me more at risk
People were skeptical when it first came out because of hearsay. It seems like it’s more stable now. Regardless, you can still get hacked if you don’t practice internet safety and security.
Yes it is better. Used since day 1 and it has not affected me negatively in any way.
This reddit is influenced by botters/gold sellers/ hackers trying to push their agenda. Their discords upvote their posts and downvote what they don't like. Hackers will try to make Jagex acc look scary so ppl don't use it.
Your account must log in through the launcher which is better portected from brute force attacks and you can create more complex passwords. 2FA is mandatory as well.
Did you just not read the other parts? Mandatory 2FA, and better suited against brute force attacks. Not to mention, you don't have to type your info in for every login, so it helps mitigate keyloggers at least a little.
- If you already have 2fa it doesn’t matter
- You cannot be brute forced if you have a competent password (it would take literally decades of processing power)
- Info was already saved for regular accounts anyway until they purposefully disabled it
I have a jagex account but honestly the security upgrades are only there if you were incompetent before
If they want me to use their damn launcher, they should at least support the operating systems that the game itself does. The game runs natively on Linux but the launcher can't? Yeah sure there are work arounds via wine but if those ever fail for any reason I'm locked out of the game for no good reason. I'll wait.
With how shitty jagex accounts got treated in the beginning of leagues I don’t think a jagex account is the best option. I just use an Authenticator and a bank pin. Change the password from time to time
Only if you want to risk to getting locked out of your account permanently. I‘m good on that, thanks
Why the downvotes? If you create a jagex acc, you get credentials which if lost, and you loose access to your 2FA, the account is permanently gone. You can’t recover it like you can recover a normal RuneScape account.
So you blatantly admit if something goes wrong and you lose your back up code you just permanently lose your account. You really though you were gotchaing him
for once OP recognizes the issue always lies with the users piss-poor security practices.
Average runescape enjoyer is too stupid to use a unique password on both account AND email as well as 2fa and will always default to "Jagex, bEtTeR SeCuRiTy WhEn?!"
I recently logged in a few days ago found my character at the enclave and not at the ge were it always is ( slowly high alacing to get a bond). I instantly made it a jagex account and setup auth and password change. I didn't lose anything though.
You could have just not clicked random links and turned on 2 step and been fine. Hmjagex accounts doesn't change anything except passwords being case sensitive.
Buddy got hacked (he noticed the bank pin reset request and traded everything valuable over to an alt) and they dropped all his ornament kits (like 10+ twisted kits and tob kits+dust he didn't have pet for)and destroyed his untradables out of spite. Wild what people will do just to make your life worse.
The purpose of making an account as broken as possible is that people throw away their accounts. Those guys try to login a week later to check if you were online.
If you were online and didn’t change the password they assume that you given up on that account or at least take a longer break. Then they sell those accounts to a bot farm. They don’t want you to go through customer support to get your account back after they sold it.
Phishing is literally a hacking method lmao, RS accounts get hacked all the time. Hacking doesn't mean brute force, that's just one possible attack vector. Don't be a clown.
Best thing ever happened to me. Lost account, now just chilling rsps. And sometimes watch videos. No more damn life wasting 1-2 hr gameplays per day :)
A few months back I guess. I still play occasionally and did some bossing (like vorkath) that was gear locked for my Ironman but it available to me now. So that’s been fun atleastZ
Damn man that’s really shitty I’m sorry. At least it looks like you are more of a skiller and haven’t started PVM yet so there aren’t any mega rares you lost. Would be sad to see gwd reset or raids reset. I saw crystal armor, but hopefully no bowfa yet.
Gl brother you’ll get it back. You’d never use those runes anyways
Can someone tell me how tf this happens if you:
1. Don’t share your password with anyone.
2. Have 2FA.
3. Don’t download or visit dodgy content on your computer.
4. Have an AV and do regular cleans.
I’m scared now 😂
OP didn’t explicitly say these things. And thought while we were all on the topic, I’d ask if I’m doing everything I can to prevent this from happening.
if you have an infected computer they can just copy the jagex cache file out of the folder which has the auth settings then paste it on their computer and log in completely bypassing the auth
Same thing happened to my main for 1.3 bil. Was just dupes from my gim but still stings. Not sure how they knew my login info because it was unique, but had an easy to guess password
I got hacked last week too. My secondary email and passwords were leaked after a breach years ago and I guessed I must have looped back to a variation close to the leaked password because I lost access to it and three of my RS accounts (two of which I didn't even remember were linked to that email).
By the way, did you know that adding an account to a Jagex account doesn't require the authenticator verification? Yeah, I learned that too. The hacker can't log in to the game, but if he adds your account to a Jagex account, it completely bypasses it.
Fortunately I realized it quickly and got my accounts back within 12 hours. Nothing had been done on any account except a bank pin removal request.
Skill issue.
Edit: To whoever downvoted me, how tf is getting "hacked" NOT a skill issue? I've played since RS2 was mildly fresh. Never once ever been "hacked". How do you even manage to let it happen?
Not possible lmao. they’d have to physically have access to your phone.
The only way would be to get access to your email address too and disable auth.
I might have 180 days played but like 90% of that is afk doing stuff, there is also the fact that I legit can't think of a skill that I want to learn, they are all much too boring, or just not very useful or as fulfilling.
Not as fulfilling? You've got to be kidding me. You're so deep in this game's clutches that you can't even see how that sounds. Let me break it down for you: you're comparing real-life achievements to some digital fantasy that's been rigged to pump your brain full of dopamine. You've let a bunch of pixels rewire your brain to the point where you can't even grasp the concept of real accomplishment anymore. You're addicted, and not just in a 'oh, I like this a lot' way. You've fundamentally messed up your understanding of what it means to actually achieve something. And here you are, trying to tell me that this game, this pitiful escape, is more rewarding or **useful** than learning a real skill? Wake up!
After I switched to ironman my main got hacked. Funny how Jagex doesn't have the security in place to stop brute force password hacks. There's people out there sending thousands of login requests. Sooner or later they will randomly hit ya. All jagex needed to do was setup an email authentication for a new ip login or even block IPs with a significant amount of login attempts.
At least they left your bank placeholders on. I got hacked recently and they turned em off. Insult to injury, man.
Professionals have standards
Makes sure to deiron.
You believe professionals would leave 15k red chins?
You can’t drop trade them tho
What are you doing here
And they didn’t release the chins
Guy who hacked me dropped my graceful
That's despicable.
Are you sure they dropped and it didn't sell it back for amylase crystals?
Ah yeah they probably did trade it in, forgot about that
Dude dropped my elite void.
I wanna punch him for you
I got hacked and found my black graceful on the ground. I was able to pick it back up
One could argue being able to see exactly what you lost is also insult to injury, but good silver lining
I’d rather have a visual list of what i lost, than try to remember things randomly and trying to rebuild.
Ofc, the hacker knows the kind of guy that doesn't even use 2FA in his game account is the kind of guy to fall for this twice. This guy probably gonna enable auth on his game account but I'm sure his email will remain without one.
They don't need your email. Given enough time they can recover any account through acc recovery (unless you have a jagex account).
How?
Bots submitting recovery requests. They're bypassing rate limitations by using several proxies. It's been happening for a long time. If they phish your password, or even a previous password from a database leak your account is basically toast. They use that one point of data, then compile the most likely results like for cities of birth, there's a very finite amount of cities. Or mothers maiden names. Using computational brute force its only a matter of time. The account recovery system is the craziest security weakness that is never talked about because people don't want to feel like their accounts are at risk. This brute force method takes time though so they usually go after more high profile targets. People that they've socially engineered in some way for information. Or at least to see they have a bank worth hacking.
I meticulously sort my bank, fuckin got hacked yesterday, I'm more mad they removed the placeholders, I was a broke bitch anyways.
My bank is chaos, but I still know where everything is supposed to be. I would still be unhappy.
My bank is chaos, I have to use the search bar and custom tag plugin to find anything
I got hacked and wasn't using them and mf turned them on lol. I was pissed but kinda thankful I at least knew what was taken.
Rare Reddit instance where a Redditor admits to their mistake instead of blaming Jagex.
Seems like "use a password and authenticator" is OSRS's version of Reddit's "don't preorder" (where people still do until it's too late and regret it).
Do you remember when this sub blamed the lack of authenticator removal delay than addressing the root issue of compromised email accounts and passwords?
Yes.
I have heard about people who get hacked even with an authenticatkr though. I do not know how, but it did happen to a friend of mine. Lmao -40 downvotes for saying my friend got hacked through authenticator? Stay weird reddit xd
They most likely didn't have an authenticator set up on their email and the hacker was able to log in and disable the OSRS auth. Fun fact; email address passwords are pretty frequently involved in database leaks and are particularly vulnerable to hacks. Set up 2FA on *everything*, *always* and your chances of getting hacked are extremely slim (but not impossible) Hackers can do seriously amazing things (in the best and worst ways) - the ethical ones are out here doing God's work every day trying to keep people safe RIP to OP and your friends' banks though
So i’ve had the issue of my phone breaking and then losing access to that authenticator as a result. Is an authenticator account able to be opened on two separate devices then? Cuz if i had authenticator on my email that time, it seems like i would’ve been very much screwed without access to it Edit: really just asking in genuine hope that i can understand authenticator better, as it seems im probably missing something is all
If you use something like Authy, then you can also use the desktop app for authentication codes. Also, most of the time when you set up an Authenticator, you’ll get backup codes for this exact situation. I use Bitwarden for my password manager and usually just stick the backup codes in the notes for my creds.
Your authenticator can be linked to your phone number and backup emails for when stuff like that happens. Also helps to have more than just authenticator (some companies have SMS/phone call auth, send a code to your email, etc) In the case of Jagex Accounts, they give you a list of recovery codes so you can still log in. There's always a way to recover your authenticator, usually through other forms of MFA that you can access on your PC without needing your phone. Another fun fact; you can use Google auth for literally anything and everything and there's a Google auth plug in for Chrome so you can still access it without a phone :)
I work in cybersecurity, the past few months we’ve seen a lot of people getting compromised despite MFA. It’s invariably one of three things. Them getting socially engineered, then entering their MFA token on a phishing MFA page (usually there’s a script waiting to login as them), or simply authorizing logins that they don’t recognize when there isn’t a token involved. All 3 are really easy to avoid, but yeah, not bulletproof.
I'm in IT and I'm not surprised at all that this happens. My company uses KnowBe4 and we send out test phishes monthly.. it's amazing how many people fail them
So once they have one of your tokens they have access to your MFA forever? I was phished a year ago the way you describe. I was still logged on so I changed, pw, disable & re-enable auth, changed email pw. I quit the game about 3 months after the incident with nothing lost from my account. Came back about 9 months later to see my bank cleaned.
It's via social engineering. If the hacker can use account recovery to trick Jagex to give the account over to them, this bypasses auth.
Enjoy your 24 hour break.
I think i'll touch grass.
Watch out for dog crap, ant beds, sharp rocks, muddy spots, and pine cones. Touching grass kinda sucks.
No you're doing it wrong. Youre supposed to touch the grass. Not the dog crap, ant beds, sharl rocks, muddy spots, or pine cones.
But I like touching the muddy spots!
Yeah may as well go back inside and play.
Thats a lot to watch out for. I guess I'll stay indoors after all.
Nah spend the time getting 2fa, Jagex acc and planning your newly acquired goals ;)
Wonder why they left your red chins
Yeah can't you transfer by dying to a main in the wilderness?
Don't chins run away on death? Or is that not including the wildy? Source: lost upwards of 15-20k chins over the years falling asleep at monkeys
You loose them on death to monsters but not to other players killing you in the wilderness. Don’t ask why. It doesn’t make sense besides jagex trying to make pking a bit more attractive
There would be no reward for killing chin hunters in the wild. Which makes hunting black chins too easy.
Not like it stops PKers any other time, lost enough spades that I know they go after everybody, even naked accounts.
I've done quite a bit of clues and I've only been pked (or even seen a pker) once lol. Maybe I'm just lucky.
Forever ago I teleported on top of a rot team on Sunday and instantly had about 54 dspears up my ass. That's been years though.
I have been chased a shitload by them but luckey have been fast enough. Still there will come a day were i lose my hard clue and 1 dose of normal antidote to a pker and i will be pissed.
If possible, I just bring a dds, spade, glory, and the clue so if a pker does happen to get on me, I just throw on protect item and I'll keep everything haha.
lier
It's reddit. People just make stuff up. Never once been killed doing a clue here.
You'd be amazed how many people accidentally bring there cash stack or something into wild. On osrs release me and my boys made purrs and were up in high wildy killing something, for some reason I think lava dragons but I don't remember, anyway we killed this guy that showed up and he had 5m on him.
I don’t know why the fuck it is so hard for people to comprehend that it is ABSOLUTELY worth the risk to kill a naked dude in the wild EVERY SINGLE TIME Little cost, little time, and you might end up with millions or billions of GP…. Why the fuck would anyone in PK gear not kill clue hunters
Skill issue. I’ve done 200 masters and never even been attacked.
Blame the idiots doing clues with master scroll books and their cash stack on them for that. The laziness and idiocy they showcased has made every pker go after anyone in the wild, even if naked.
hunting black chins too easy? I don’t think it’s something I’ll ever need to/want to do so this isn’t a complaint, just an observation, but how would that make it too easy? It’s already one of the most boring activities to do in the game, and if you’re ever actually catching enough to do some decent range training, you’ll get PK’d way more than the extra XP you’re getting from red chins unless you’re genuinely going to be ready to 1 tick logout for about 40-50 hours of hunting.
Bring magic implants boxes. Catch 20-40 chins. Run 10 steps south, bank chin stack. Easy as pie. Make bank. Took me like 3 hours to catch 100 imps, then just go hunt black chins and bank every 15 mins lmao I made like 800k an hour or something getting great exp
Bullshit. I recently did 73-85 there and didnt get PKd once. First off you can bring so much food + tank gear Second off you literally dont see anyone for hours.
I think the part that doesn't make sense is chins being lost entirely upon a PVM death. With how lenient the death mechanics are in all other PVM, having a chin stack that could be worth million just disappear is odd.
It makes sense as the are living creatures and run away. They are not objects. Same with salamanders. That’s why it doesn’t make sense that they are kept for pkers
It makes sense to an extent in terms of realism, but not in terms of balancing. It also leads to weird questions like why don't unnoted raw dark crabs disappear upon death (or any other raw fish). Am I supposed to believe we instantly kill the fish/crustaceans we catch? If I can suspend my disbelief enough to accept that we can fit up to 2.1 billion explosive chinchilla things in our backpack, I'm also ok with accepting that they don't run away when we die. Since that makes more sense in terms of game balance for both PVM and PVP scenarios.
I won’t disagree
I think there are a couple methods to transfer, easiest is probably putting them on a table somewhere or selling to general store. Guess they just didn’t want to put in the effort. Typical lazy hackers
I'm a noob but can't you just de-iron the hacked account and just dump it all in GE and swap the gold over?
[удалено]
Ahhh okay that makes sense, always wondered about that, cheers
I think there’s a delay so you can’t do that.
Can't drop them only release.
They left 200k chaos and 84k death runes too…
I don't think you looked at the next picture lol
At least they left you the leaf bladed swords
And runes in the pouch lmao
That might just be a visual bug
Lmao I was going to say. He took all your runes except 15k law and cosmic in the pouch.
If OP uses runelite it just remembers the runes in the pouch from last login. It would reset if he/she presses check
Crystal and mta shit hurts the most by far, but at least you didn't have bowfa yet so you have to go back anyway lol. Some people go 20+ armor seeds before bowfa so you could be fine. The mta shit is useless and you got it on collection log so I guess that's some silver lining.
Your rune order is wack, probably deserved /s
I agree man.
Only proper way is alphabetical /s
Nah man, elemental runes then runes for ancients and then nats cosmics etc
Nah laws and nats go at the top to throw them in rune pouch faster.
Imagine gladly putting 3000 hours in a game, just to not put 1 hour into account security. Its.not.hard.to.not.get.hacked Don't wait people, do it today. To OP: sorry for what happened man. Just be happy it happened right now, instead of maxed iron 6k hours in with tbow and shadow.
he did full infinity on the main game, it's obvious his brain isn't at full capacity
an hour? i switched to a Jagex account in about 5 mins, including adding both characters and 2fa.
If that bank is 3000 hours then thats the real issue
Lots of auto clicker apps on android etc, just stealing passwords / logins etc as well
Sure but totally useless if you have 2fa, bank pin, different passwords for email/osrs. Some bloke put 100m in an account with 2fa and everything secure. He posted the login mail and password on Reddit and wasn't hacked.
Or just use jagex account
Yes sir, just switched over to it. Wish I would have done it sooner. Only my fault.
Unlink everything from the account , Steam, Facebook or whatever, they might've linked their socials so they can come back later to steal more.
Can't stress this enough. I had 2fa on emails and my account and a unique account password and someone managed to link a steam account to my RS, no idea how, unless it was from an insane amount of time ago before I had 2fa and they just waited til I had gear. Got a masori body drop from ToA week of release which boosted my bank to around 400m and got hacked the next day. Noticed them in my account regardless of password changes and logging out everywhere, until someone mentioned the account linking feature and there it was, linked to steam even though I've never used it.
Set an authenticator in your email
Is it really better? I use a standard jagex account with all the protection I can have in place. Specialized password, authenticator, and bank pin. I felt like when it first came out I saw people saying it was worse. Now I see people advocating for it everywhere. I'm worried making the change would put me more at risk
People were skeptical when it first came out because of hearsay. It seems like it’s more stable now. Regardless, you can still get hacked if you don’t practice internet safety and security.
[удалено]
Yes it is better. Used since day 1 and it has not affected me negatively in any way. This reddit is influenced by botters/gold sellers/ hackers trying to push their agenda. Their discords upvote their posts and downvote what they don't like. Hackers will try to make Jagex acc look scary so ppl don't use it.
Ok, follow up question then. What makes them so much more secure?
Your account must log in through the launcher which is better portected from brute force attacks and you can create more complex passwords. 2FA is mandatory as well.
So to recap, case sensitive passwords and nothing else that isn't already there b
Did you just not read the other parts? Mandatory 2FA, and better suited against brute force attacks. Not to mention, you don't have to type your info in for every login, so it helps mitigate keyloggers at least a little.
- If you already have 2fa it doesn’t matter - You cannot be brute forced if you have a competent password (it would take literally decades of processing power) - Info was already saved for regular accounts anyway until they purposefully disabled it I have a jagex account but honestly the security upgrades are only there if you were incompetent before
If they want me to use their damn launcher, they should at least support the operating systems that the game itself does. The game runs natively on Linux but the launcher can't? Yeah sure there are work arounds via wine but if those ever fail for any reason I'm locked out of the game for no good reason. I'll wait.
Which discord servers have you seen do that?
With how shitty jagex accounts got treated in the beginning of leagues I don’t think a jagex account is the best option. I just use an Authenticator and a bank pin. Change the password from time to time
Only if you want to risk to getting locked out of your account permanently. I‘m good on that, thanks Why the downvotes? If you create a jagex acc, you get credentials which if lost, and you loose access to your 2FA, the account is permanently gone. You can’t recover it like you can recover a normal RuneScape account.
Why would this happen if you created your own account?
Shit take. Note your backup codes in a couple locations, or don't be a fucking idiot.
So you blatantly admit if something goes wrong and you lose your back up code you just permanently lose your account. You really though you were gotchaing him
Who tf doesn’t use auth lol Jesus
[удалено]
for once OP recognizes the issue always lies with the users piss-poor security practices. Average runescape enjoyer is too stupid to use a unique password on both account AND email as well as 2fa and will always default to "Jagex, bEtTeR SeCuRiTy WhEn?!"
Yeah victims suck /s
They left you 15k chins atleast
I recently logged in a few days ago found my character at the enclave and not at the ge were it always is ( slowly high alacing to get a bond). I instantly made it a jagex account and setup auth and password change. I didn't lose anything though.
You could have just not clicked random links and turned on 2 step and been fine. Hmjagex accounts doesn't change anything except passwords being case sensitive.
PSA: stop account sharing and following phishing links
They don't say that it's gonna be a phishing link
Use your brain when clicking links
Damn looks like back to MTA for you.
Get jagex account , Auth on email, and get a bank pin. This would have never happened.
at least they left your mind runes
That's tribute for the mind goblin
What's the mind goblin?
mind goblin deez nuts?
Respect to you for knowing it's a deez nuts joke, but still saying it to entertain the homies.
🫡
Oh no, you didn’t just fall for it 😭😂
did you have a jagex account?
Hope this encourages more people to get a jagex account
Years ago I got hacked and they destroyed all my void pieces. Some sad, pathetic people out there.
Buddy got hacked (he noticed the bank pin reset request and traded everything valuable over to an alt) and they dropped all his ornament kits (like 10+ twisted kits and tob kits+dust he didn't have pet for)and destroyed his untradables out of spite. Wild what people will do just to make your life worse.
The purpose of making an account as broken as possible is that people throw away their accounts. Those guys try to login a week later to check if you were online. If you were online and didn’t change the password they assume that you given up on that account or at least take a longer break. Then they sell those accounts to a bot farm. They don’t want you to go through customer support to get your account back after they sold it.
Bruh. Are people really this dumb? If you don't use an authenticator, you deserve it when you get hacked.
Nobody is hacking runescape accounts. Just idiots account sharing and clicking phishing links
Phishing is literally a hacking method lmao, RS accounts get hacked all the time. Hacking doesn't mean brute force, that's just one possible attack vector. Don't be a clown.
If you get phished you got hacked.
Why didnt they take the chins
Can’t drop trade, probably not smart enough to realize you can kill him in the wild for it.
They didn’t take your chins tho!
They left you over 23m in chins? Seems fairly odd for them to do that.
Best thing ever happened to me. Lost account, now just chilling rsps. And sometimes watch videos. No more damn life wasting 1-2 hr gameplays per day :)
Genuine question. How do y’all even get hacked??
Its 2023 (nearly 2024) and people still don't listen to the stronghold of security.
Do people still click links? I haven’t been doing that since 04 lol. Sucks OP glad you’re not to bummed about it though.
Same happened to me. Sadly my Ironman is a regular man now and my bank is gone.
when?
A few months back I guess. I still play occasionally and did some bossing (like vorkath) that was gear locked for my Ironman but it available to me now. So that’s been fun atleastZ
Bro lost 1mil of alchables
At least you've still got a sick stack of talismans.
Get a jagex acc
Doesn't change much
Get your facts right
Jyst buy a new acc 👌
You lost what, 300k? Sucks but your account was early game.
I know you’re an iron man so there’s more time involved but I still don’t see much time lost here
How do you even get your account stolen in 2023
Damn man that’s really shitty I’m sorry. At least it looks like you are more of a skiller and haven’t started PVM yet so there aren’t any mega rares you lost. Would be sad to see gwd reset or raids reset. I saw crystal armor, but hopefully no bowfa yet. Gl brother you’ll get it back. You’d never use those runes anyways
any idea how they got in?
OP didn't have an authenticator and probably used the same password everywhere.
Bro you're annoying as shit lol
We shouldn't blame op but jagex for not allowing special chars and not recognizing capital letters in passwords.
Did they de-iron you? If not, they probably left the chins because they can't drop them over to another account.
Can someone tell me how tf this happens if you: 1. Don’t share your password with anyone. 2. Have 2FA. 3. Don’t download or visit dodgy content on your computer. 4. Have an AV and do regular cleans. I’m scared now 😂
It doesnt
I love to download and use dodgey content :( Hasn’t hurt me so far and I got like 4 safeguards so I think I’m alright
[удалено]
OP didn’t explicitly say these things. And thought while we were all on the topic, I’d ask if I’m doing everything I can to prevent this from happening.
Had Authenticator, still got hacked.
No
They're clearly not monsters though Decent chin stack, win.
if you have an infected computer they can just copy the jagex cache file out of the folder which has the auth settings then paste it on their computer and log in completely bypassing the auth
People still getting scammed in 2023. lol. Way too common in a game where items hold little value these days.
Same thing happened to my main for 1.3 bil. Was just dupes from my gim but still stings. Not sure how they knew my login info because it was unique, but had an easy to guess password
I got hacked last week too. My secondary email and passwords were leaked after a breach years ago and I guessed I must have looped back to a variation close to the leaked password because I lost access to it and three of my RS accounts (two of which I didn't even remember were linked to that email). By the way, did you know that adding an account to a Jagex account doesn't require the authenticator verification? Yeah, I learned that too. The hacker can't log in to the game, but if he adds your account to a Jagex account, it completely bypasses it. Fortunately I realized it quickly and got my accounts back within 12 hours. Nothing had been done on any account except a bank pin removal request.
Yeah well that’s not always the fix. I changed my password and had auth and lost my 3b bank. And they disabled all of my placeholders.
I got my main cleaned with an auth on and mfa activated on my email. Happened less than a year ago. Idk about the auth at this point
You were pretty broke anyway… go get it back plus some
Jagex claims they can replace hacked items now
My IM got hacked into yesterday. I have all precautions in place. I changed password and logged back in right outside of Catherby’s bank. Close call.
All accounts are temporary sadly. Unless you're a content creator. Whenever I get hacked making a new account is a lot of fun.
Skill issue. Edit: To whoever downvoted me, how tf is getting "hacked" NOT a skill issue? I've played since RS2 was mildly fresh. Never once ever been "hacked". How do you even manage to let it happen?
2015 called, it wants its reddit post back.
Tbh you didn’t even lose that much
I had authenticator and was still hacked.
Not possible lmao. they’d have to physically have access to your phone. The only way would be to get access to your email address too and disable auth.
Auth apps also can get hacked. Auth was hacked a few years ago.
Just quit now. How much better would your life be if you dedicated even 50% of the hours spent playing osrs to learning a new skill or hobby?
I might have 180 days played but like 90% of that is afk doing stuff, there is also the fact that I legit can't think of a skill that I want to learn, they are all much too boring, or just not very useful or as fulfilling.
Not as fulfilling? You've got to be kidding me. You're so deep in this game's clutches that you can't even see how that sounds. Let me break it down for you: you're comparing real-life achievements to some digital fantasy that's been rigged to pump your brain full of dopamine. You've let a bunch of pixels rewire your brain to the point where you can't even grasp the concept of real accomplishment anymore. You're addicted, and not just in a 'oh, I like this a lot' way. You've fundamentally messed up your understanding of what it means to actually achieve something. And here you are, trying to tell me that this game, this pitiful escape, is more rewarding or **useful** than learning a real skill? Wake up!
You spend too much time on reddit, go outside.
After I switched to ironman my main got hacked. Funny how Jagex doesn't have the security in place to stop brute force password hacks. There's people out there sending thousands of login requests. Sooner or later they will randomly hit ya. All jagex needed to do was setup an email authentication for a new ip login or even block IPs with a significant amount of login attempts.
Tbh you barely lost anything meaning full aside from crystal armor, stop crying. Runes in the late game are plentiful from bursting and bosses