Original Post

Hi everyone, I'm trying not to freak out while I'm typing this but I am scared. So I just logged into my account after a while, which also had an authenticator. I was trying to put in the number of the authenticator and it would not allow me to log in. So I disabled it, and finally logged in to realize my username was changed. Guys, it is considered a very rare username and it means a lot to me. How can someone go through my authenticator and everything and just change my username? Please, I need help! I appreciate any responses. Will Jagex help me get my username back if the account was hacked?

6 months ago - /u/JagexBeano

Hey there,

I'm sorry to hear you've come back to things not quite as you left them. Unfortunately, if the hijackers have changed your in-game name, this isn't something we'll be able to assist you with - you can find all the info we can offer on character names here.

If you definitely had an authenticator previously, and the hijackers were able to remove your old authenticator and set up a new one, it means they had direct access to your registered e-mail address as this is the only way to remove an authenticator. So, I'd highly recommend you take the steps to secure all of your e-mail accounts as the first thing you do:

  • Change the password to something brand new that you do not use anywhere else.
  • Enable two-factor authentication.
  • After the above two steps have been completed, log the e-mail address out of all instances. If you're not sure how to do this, you will need to find out through your provider.
  • Finally, review the inbox rules currently in place on your registered email address - the hijacker might have set up 'rules' which will redirect your incoming emails to another email address, meaning you might not be receiving important security information about your account. Each email domain uses different systems, but for Gmail, you can follow the advice here or for Outlook you can follow the advice here.

I'd also recommend having a read through of our security advice to make sure you've covered all bases going forward to protect your account.

-Jagex Support

6 months ago - /u/JagexBeano

Originally posted by Afraid_Rip99355

Hello, thank you Mod Beano for your response, I really appreciate it. I am knowledgeable about account security/phishing links etc. I had done the best I could have by registering my account with my email, along with having 2 step authenticator which I have the app on my iPhone. I assure you my email account is not compromised. It was a 2 letter name, and I come back to RuneScape roughly after a year to find that it has been changed and they even put "kid" in the username. That is a slap to the face, they got what they wanted without any punishment and here I am stressed mentally that my username was taken. I have been playing this game as a kid, and it does mean a lot to me. Please, I beg you Jagex Mod, if you can look into the account and see who has hijacked my account and who took my username. All my other accounts with the authenticator were secure (they also had rare names). So none of this makes any sense to me.

If you're happy to provide the character's current in-game display name, I can have a look and see if there's any more information I can provide about how the unauthorised access happened and how it can be prevented going forward, but I can't assist with recovering the character name or give any information about the users who may have accessed your account.

6 months ago - /u/JagexBeano

Originally posted by Afraid_Rip99355

Yes for sure, the current in-game username is "wxkid" which they changed it to. It really hurts me that nothing can be done, as it was not my fault at all. How can someone take my username and not face any consequences? It is just handed to them. Again, thank you for your response.

So it seems the account didn't have 2FA on it at the time of compromise - the last legit 2FA that was on the account was removed by the account's usual login. In that case, all the hijackers had to do was enter the login email and password to gain access to the account.

We can only guess how they got that info, but the two most likely ways are that the info was the same as info caught in any data breaches (you can use https://haveibeenpwned.com/ to find out if your information is included in any historic breaches) or that you were phished for it.

While I am genuinely sorry we can't help with the name, ultimately it's a player's own responsibility to keep their account secure, so I really would recommend reviewing the security guidance to ensure this doesn't happen again.