Woke up this morning to an email saying that my account has been successfully imported to my Jagex account, which I do not have. It says to continue playing with this character I’ll need to use Jagex Launcher with my Jagex account and that my login, password, and Authenticator have been disabled. I submitted a ticket to support but how absolutely screwed am I? I do bank all of my items everytime I log out and I have a bank PIN with a 7-day timer to be removed.
External link →There's been a lot of misinformation / incorrect assumptions on the thread so I just wanted to clarify that if you have not yet upgraded to a Jagex account and a hijacker upgrades your account, you need to contact support here.
Once we verify ownership of the account, if you are the owner we will get your account back to you.
Where I think people are getting confused is the stance we have on accounts that are already Jagex accounts (and have been made so by the original owner), which is that there is no manual recovery option, to prevent hijackers from accessing Jagex accounts secured with 2FA.
In order to get you started on the best foot possible with your Jagex Account, I've included some security guidance below:
- Your Jagex account is only as secure as your email is. As there is no manual recovery method for Jagex accounts, if you lose access to your email, you may lose total access to your Jagex account. Therefore, I'd recommend having 2FA set up on your email, as well as your Jagex account.
- You need access to your email to access your Jagex account. Brand new emails set up purely for the purpose of your Jagex account are great from a security point of view, however it's worth keeping in mind that many email providers will close email accounts after a period of inactivity, so even if you only use it for this purpose, make sure you're checking it regularly. We have a list of the most common domain provider policies here.
- Jagex accounts default to email 2FA. To be extra secure, change this to an app-based 2FA, save your backup codes somewhere digital and physical, and back up your authenticator, in case of a lost or damaged device.
- Accounts are only as secure as the weakest access point. If you are planning to link a Steam account or Google account for SSO, ensure that these login methods also have 2FA. You can be as diligent as you like when it comes to your Jagex account, but if these don't have 2FA it's the equivalent of deadlocking the front door and leaving the back one open.
- If you share or buy accounts, you do so at your own risk. A lot of contact we see around lost accounts are from people who historically received an account from a friend, or who purchased an account several years ago and the original owner has reclaimed access. My best advice on account sharing is don't.
- Scams are becoming more and more sophisticated. We see a number of people come in to player support because of a spoofed Jagex email, ensure you're following all of our guidance related to phishing found here. Advice on general scams can be found here, but as a rule of thumb, if it's too good to be true - it probably is.
On top of all this, I'd recommend checking out our security centre for Jagex accounts, here.
I hope this helps.
devtrackers.gg