Original Post

I've been gone for almost a year. I logged into a free-to-play server to get my RuneLite setup on my new PC, and when I clicked on my bank I immediately noticed something was wrong: I didn't have a bank PIN anymore.

I looked in my bank and all my crystal armor was gone, and my bofa. In my bank there are over 2.2k crystal shards and a ton of corrupted gauntlet loot, which ended up equalling 13 mill.

My question is: I just logged into my account like normal, two-factor authentication and everything.

My password was not changed; everything was as I left it. How in the hell does this happen?

As I post this, I have already swapped over to a Jagex account, which I just now found out existed from a friend. So hopefully this will never happen again.

I already sent in a ticket to support; I am just genuinely curious how that's even possible.

EDIT: Also, is your email not notified when your bank PIN is being removed or anything of the sort? Because I didn't receive one.

about 2 months ago - /u/Jagex_Melora

Hey u/tasius

Sorry to hear this has happened - hopefully we can get your account properly secured for you now you're back on the account.

Without access to your account, I can't say for sure how the hijackers gained access, but if a hijacker has accessed your account, then the hijack could only be for one of the following reasons:

  • They have significant information about your account which allowed them to recover it and register their own email - upgrading to a Jagex Account will remove the ability to recover your account through the legacy recovery system
  • They have access to your email
  • You've unwillingly provided your login info + authenticator TOTP (phishing/keylogging by the hijacker)
  • You've willingly provided your login info to someone
  • You've been hijacked in the past, the hijacker linked a third party account to your RuneScape character (like Google, Apple, Steam, Facebook etc) and used this link to access your character - I believe this is the most likely based on what you've said.

Next steps would be:

  • Check your email is fully secure and not accessible to another person (I'd suggest 2FA for your email too). I'd also encourage you to review the inbox rules currently in place on your registered email address. If your registered email has been compromised, then a hijacker might have set up 'rules' which will redirect your incoming emails to another email address, meaning you might not be receiving important security information about your account.
  • Be secure with your information and don't use the same password across numerous sites
  • Check your linked third-party associations and remove any you do not recognise, and secure your own third-party associations
  • Check your devices for any malicious software and run regular virus/malware checks
  • Be careful with what links you click and where you're entering your information (more information on how to avoid phishing/scams can be found here)

Hopefully the above information helps to resolve this issue and helps to beef up your security for the future!
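The inbox-rule check in the reply above is the one step that is easy to get wrong by eye: a planted rule that forwards or silently bins account-security mail looks like any other filter in a long list. The script below is an added example (not Jagex's code and not part of the original thread) that audits an exported filter list for exactly those patterns. It assumes the file is in the XML format Gmail produces from Settings > Filters > Export (an Atom feed with `apps:property` entries; the property names used here are the ones that format uses, to the best of my knowledge). The embedded export, the `game-vendor.test` sender domain and the `attacker-mail.test` forwarding address are all constructed for the example; replace `SENSITIVE_SENDERS` with the real domains your account provider sends from.

```python
"""Audit a Gmail filter export (Settings > Filters > Export) for hijacker-planted rules.

Flags any filter that (a) forwards matching mail to another address, or
(b) trashes / archives / marks-as-read mail that looks like security or
account-recovery traffic, which is how an attacker keeps the owner from
seeing "your PIN was removed" style notices.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample export: three filters, the last two are suspicious.
SAMPLE_EXPORT = """
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example-shop.test'/>
    <apps:property name='label' value='Shopping'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='from' value='noreply@game-vendor.test'/>
    <apps:property name='shouldTrash' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password OR "security code" OR recovery'/>
    <apps:property name='forwardTo' value='collector@attacker-mail.test'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""

# Actions that keep mail out of the owner's sight.
HIDING_ACTIONS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")
# Words a hijacker would want suppressed in a filter's match criteria.
SENSITIVE_TERMS = ("password", "security", "recovery", "verification", "code", "login", "pin")
# Constructed placeholder: put your real account provider's sending domains here.
SENSITIVE_SENDERS = ("game-vendor.test",)


def parse_filters(xml_text):
    """Return one {property_name: value} dict per <entry> in the export."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(f"{ATOM}entry"):
        props = {p.get("name"): p.get("value", "") for p in entry.findall(f"{APPS}property")}
        filters.append(props)
    return filters


def audit_filter(props):
    """Return the reasons a filter looks planted; an empty list means it looks clean."""
    reasons = []
    if props.get("forwardTo"):
        reasons.append(f"forwards matching mail to {props['forwardTo']}")
    # Everything the filter matches on, lower-cased so term matching is case-insensitive.
    criteria = " ".join(props.get(k, "") for k in ("from", "to", "subject", "hasTheWord")).lower()
    hides = [a for a in HIDING_ACTIONS if props.get(a) == "true"]
    if hides:
        if any(term in criteria for term in SENSITIVE_TERMS):
            reasons.append(f"{'/'.join(hides)} on security-related mail ({criteria.strip()})")
        if any(domain in criteria for domain in SENSITIVE_SENDERS):
            reasons.append(f"{'/'.join(hides)} on mail from the account provider ({props.get('from')})")
    return reasons


def audit_export(xml_text):
    """Audit every filter; returns [(index, props, reasons)] for the suspicious ones only."""
    findings = []
    for i, props in enumerate(parse_filters(xml_text)):
        reasons = audit_filter(props)
        if reasons:
            findings.append((i, props, reasons))
    return findings


if __name__ == "__main__":
    for i, props, reasons in audit_export(SAMPLE_EXPORT):
        print(f"filter #{i}: " + "; ".join(reasons))
```

Run it against your own export by reading the file into `audit_export`. The newsletter filter passes (archiving shop mail is normal); the filter that trashes everything from the provider's `noreply` address and the one that forwards anything mentioning passwords or recovery to an outside address are both reported. Outlook and other providers expose the same kind of rules under their own settings pages; the matching logic carries over, the parser does not.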