This is a small thing, but can we make the +1 boost you get from putting on skillcape/hitting 'Boost' a permanent effect as long as you're wearing a skillcape? Other than a max Cape, I can't think of a situation where this would harm the game in any way. If you can infinitely boost one level, then why not just have it there permanently? It seems like a rather useless perk when you have to reapply it every 60 seconds.
That's fair - we'll take a look at it
Hi all!
It's almost time for QoL month so we're opening up this thread for you to get your suggestions in! We'll also be scouring the backlog and previous Q&A suggestions.
Let us know what Quality of Life changes you'd like to see the *most*!
External link →ETA?
Winter
We had to delay it due to work on mobile. soz.
Nah, that's where the stay in Europe votes went.
or have a habit of using various VPN's on web access only - but I have to say it looks suspicious
This shouldn't be suspicious at all and is deeply concerning as I use a VPN for other things but do log onto my accounts while connected to the VPN. Users like to torrent and stream unseen by their ISP or want protection from ddos if you use 3rd party communication software like Teamspeak.
The new email that the owner asked to be set to the account in this recovery request, is in itself suspicious, it has been used on 43 other RuneScape accounts
Sounds like OP was hijacked by a known hijacker that is overly familiar with jagex security protocols which seems more like a problem for you guys than a suspicion on OP.
EDIT: Since we have some idiots in here. At the end of the day. I don't want my account locked because I'm using a vpn to not be throttled or ddossed.
Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.
When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.
It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)
Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.
When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.
It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)
Needing to get a bunch of upvotes on Reddit to get an actual response from the support team? Big yikes from me.
Would you prefer we just ignored it? The user did contact support in the recommended way and we dealt with it in 19 minutes.
This is pure speculation, But the appeal that looks like the owner was probably sent from a reverse proxy. Identical IP as owners + email clearly owned by a hijacker or someone who buys stolen accounts in volume, telling us the owner is likely infected with a rat. Anyone with sense who cared about their account enough to make a reddit post wouldn't be stupid enough to recover it to an email they knew would be scrutinized and they apparently had 43 accounts on in the past.
My bet would be the hacker sends appeals using the victims IP to confirm recovery information before attempting to sell an account.
That is possible, if they also have a lot of info about the account. That is why I used a mixed voice in my comment, and stopped short of blatantly calling it.
I'm sorry to hear you've had this experience, the wealth that has been removed is not lost on me and I do genuinely appreciate the impact of this hijacking.
That said, there is significant evidence that you have been lapse with your account security. For a start, there have been web log ins on your account from 9 various different countries going back to at least 2015. These log ins cross over a number of password changes by the account owner, so it's not a simple case of one password being known, even when the owner changes the pass other countries are still logging in. You could be well travelled, or have a habit of using various VPN's on web access only - but I have to say it looks suspicious.
When you were 'hijacked' the 'hijacker' knew your log in and password, they also knew your recovery email address and the password for that and any 2FA you had on the email address. The account wasn't a malicious recovery via Jagex, the hijacker simply knew the details.
... Read more
devtrackers.gg