Original Post

Hello gamers,

Always really suspicious about people who have been hacked but wanted to share some information here.

  • I haven't played/logged into my account for a few years
  • My email and password are unique to OSRS only
  • My email for OSRS has not been compromised and has 2FA enabled still
  • I had 2FA enabled on my OSRS account (and still have 2FA enabled, and needed it to log in just now)
  • I have no notifications or messages about any information being changed on my account management
  • I have no linked accounts like steam etc. on my account
  • My bank pin was removed with no notifications
  • All my items and anything of wealth has gone from my account
  • Goes without saying, but I have never bought items/services or anything and, to be honest, never really traded/interacted with players much, mostly playing solo
  • Never joined any raids/downloaded weird clients

Obviously won't be playing anymore still as my account is now compromised and I have 0 trust that I can re-secure it. I often see a lot of posts on this subreddit about people being "hacked" and usually the top comment is that their email was compromised, no 2FA, people saying it's their own fault etc.

I can't think of any other security measures I could have taken to protect my account. Stay safe out there gamers!

10 months ago - /u/Jagex_Melora

Hey there,

Sorry to hear this has happened - hopefully we can get your account properly secured for you now you're back on the account.

Without access to your account, I can't say for sure how the hijackers gained access, but if a hijacker has accessed your account, then the hijack could only be for one of the following reasons:

  • They have significant information about your account which allowed them to recover it and register their own email - upgrading to a Jagex Account will remove the ability to recover your account through the legacy recovery system
  • They have access to your email
  • You've unwillingly provided your login info + authenticator TOTP (phishing/keylogging by the hijacker)
  • You've willingly provided your login info to someone
  • You've been hijacked in the past, the hijacker linked a third party account to your RuneScape character (like Google, Apple, Steam, Facebook etc) and used this link to access your character - I believe this is the most likely based on what you've said.

Next steps would be:

  • Check your email is fully secure and not accessible to another person (I'd suggest 2FA for your email too). I'd also encourage you to review the inbox rules currently in place on your registered email address. If your registered email has been compromised, then a hijacker might have set up 'rules' which will redirect your incoming emails to another email address, meaning you might not be receiving important security information about your account.
  • Be secure with your information and don't use the same password across numerous sites
  • Check your linked third party associations and remove any you do not recognise/secure your own third party associations
  • Check your devices for any malicious software and run regular virus/malware checks
  • Be careful with what links you click and where you're entering your information (more information on how to avoid phishing/scams can be found here)

Hopefully the above information helps to resolve this issue and helps to beef up your security for the future!
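
The inbox-rule review suggested in the reply above, sketched as an added example (not part of the thread and not Jagex code): it flags enabled rules that forward mail to another address or delete it on arrival. It assumes the rules were exported as JSON shaped like Microsoft Graph `messageRule` objects; the addresses and rules are constructed sample data.

```python
# Added example: audit exported inbox rules for silent forwarding or deletion.
# Assumption: each rule is a dict shaped like a Microsoft Graph "messageRule".

FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
# moveToFolder is left out on purpose: ordinary filing rules use it all the time.
DELETE_ACTIONS = ("delete", "permanentDelete")


def audit_rules(rules, own_address):
    """Return (rule name, reason) pairs for enabled rules that need review."""
    own = own_address.strip().lower()
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue  # disabled rules do not act on incoming mail
        name = rule.get("displayName", "<unnamed>")
        actions = rule.get("actions") or {}
        for key in FORWARD_ACTIONS:
            for recipient in actions.get(key) or []:
                addr = recipient.get("emailAddress", {}).get("address", "")
                if addr.strip().lower() != own:
                    findings.append((name, f"{key} sends mail to {addr}"))
        deleting = [k for k in DELETE_ACTIONS if actions.get(k)]
        if deleting:
            findings.append((name, "removes matching mail via " + ", ".join(deleting)))
    return findings


# Constructed sample rules, not taken from any real mailbox.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@"]},
     "actions": {"markAsRead": True}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["password", "login"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mail.example"}}],
                 "delete": True}},
    {"displayName": "Old forward", "isEnabled": False,
     "actions": {"redirectTo": [{"emailAddress": {"address": "x@other.example"}}]}},
]

if __name__ == "__main__":
    for rule_name, reason in audit_rules(SAMPLE_RULES, "player@inbox.example"):
        print(f"REVIEW rule {rule_name!r}: {reason}")
```
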