Basically title. Password got leaked in a recent hack, someone hit up runescape with it and was able to login, changed my password and then somehow was able to change the registered email address to the account. They changed my email address without having access to the registered email account (they do not have the same passwords and the email request to change email is sitting unread in the inbox, there is only 1 such request.).
How do I know they have been able to change my email address?
I've been trying to get it to send an email to the registered address to reset my password, it has not worked (even though I get the "Check your email!" notification, I think everyone gets that regardless of success).
So either the "hacker" changed the email, or jagex's email system has blocked over 10 of my requests to just send a basic email..
I'm not looking for your smarter than thou comments on cyber security and the lapses of judgement you think I've made.
I'm looking for an actual explanation on how someone without access to my email address has been able to change it without my consent, if this extremely basic system doesn't even work properly, I'll probably just move on to bigger, properly coded pastures
Also, This is a fresh reddit account because I didn't have one. I will remove/delete it again once I get an answer.
External link →