Original Post

My account, Jar of Swamp, was hacked today. I haven’t been able to successfully recover it yet but I’m assuming the 2.3B bank is gone. The account had an Authenticator active and the email linked to the account was also two-step authenticated. It seems like the hacker knew my login email and was able to recover the account from the recovery page and completely bypass the authenticator and the authenticated email address linked to it. I couldn’t have made the account more secure than it was. I don’t have a single email in ANY of the email addresses I have linked to the account alerting me of a recovery attempt. Enough is enough, Jagex. You literally handed my account over to the hacker without any checks or failsafes. What’s the point of an authenticator? I’d like a moderator to reply because at this point I know I won’t get my items back but I demand answers. I know they don’t care about my $11 and whether or not I continue playing but this is so infuriating.

over 5 years ago - /u/Jagex_Weath

I've secured the account for you. I can see that you've submitted a recovery for it and this should be granted in a short while by our support mods.

Unfortunately, it looks as though the email that you had registered on the account is not as secure as you had hoped. The hijacker used this email to recover your account (rather than going through the manual recovery system). I recommend taking some time to secure your email and/or create a new one that is not affiliated with anything other than your OSRS account. I'd also recommend checking the email on a website such as haveibeenpwned, to try and identify how it was leaked.

I've begun the process of tracking any wealth that was taken from the account. I'll ban any hijacking/real world trading accounts that have received or sold the wealth. I have also made the anti-hijacking team aware of your account so they can fully investigate the person responsible for the hijacking.

over 5 years ago - /u/Jagex_Weath

Originally posted by Gangstuh44

Thank you, Weath! I checked haveibeenpwned and it said there was no breach for the email that I have listed as my linked email. That’s why I was confused. I created the email after the first time I was hacked, and two step authenticated it. Any advice on how to proceed going forward to ensure optimal security? And could you possibly dm me and tell me which email was hijacked?

I would run as many virus scans as possible to make sure that your computer is fully secure. Then go and make a brand new Gmail account with a unique password and add 2-step to it. Register that on your RS account and then never use it anywhere else. Set up the RS authenticator and set a unique password on your RS account.

Run regular virus scans, try not to visit any untrustworthy websites and don't share your account.

over 5 years ago - /u/Jagex_Weath

Originally posted by its_dip30

Weath is the one that just confirmed it’s hijacked. That’s how they know.

If his appeal is accepted, the recovery link will be sent to the email that he supplied in his recovery, which is not the compromised email.