devtrackers.gg
Needing to get a bunch of upvotes on Reddit to get an actual response from the support team? Big yikes from me.
Would you prefer we just ignored it? The user did contact support in the recommended way and we dealt with it in 19 minutes.
Needing to get a bunch of upvotes on Reddit to get an actual response from the support team? Big yikes from me.
Would you prefer we just ignored it? The user did contact support in the recommended way and we dealt with it in 19 minutes.
This is pure speculation, But the appeal that looks like the owner was probably sent from a reverse proxy. Identical IP as owners + email clearly owned by a hijacker or someone who buys stolen accounts in volume, telling us the owner is likely infected with a rat. Anyone with sense who cared about their account enough to make a reddit post wouldn't be stupid enough to recover it to an email they knew would be scrutinized and they apparently had 43 accounts on in the past.
My bet would be the hacker sends appeals using the victims IP to confirm recovery information before attempting to sell an account.
That is possible, if they also have a lot of info about the account. That is why I used a mixed voice in my comment, and stopped short of blatantly calling it.
I'm sorry to hear you've had this experience, the wealth that has been removed is not lost on me and I do genuinely appreciate the impact of this hijacking.
That said, there is significant evidence that you have been lapse with your account security. For a start, there have been web log ins on your account from 9 various different countries going back to at least 2015. These log ins cross over a number of password changes by the account owner, so it's not a simple case of one password being known, even when the owner changes the pass other countries are still logging in. You could be well travelled, or have a habit of using various VPN's on web access only - but I have to say it looks suspicious.
When you were 'hijacked' the 'hijacker' knew your log in and password, they also knew your recovery email address and the password for that and any 2FA you had on the email address. The account wasn't a malicious recovery via Jagex, the hijacker simply knew the details.
... Read moreWhats funny is even if you bot or not your account still gets banned.
By that definition, every account would be banned and nobody would be playing ... errrm
Hey,
On face value it does look like our support team have responded to a gold seller. However, if you dig a little deeper it does make sense. The user has chosen a Twitter handle that implies they sell gold, we don't know if they do, it could be a joke - who knows?
What we do know is that the account posed a serious question and it seemed like they needed help. We had 2 choices here, ignore the message and risk someone not getting the help they need, or reply with the best advice and assume the handle naming was not serious. Certainly to pre-judge the user based on handle naming alone seems unfair - so we chose to offer the advice needed.
For clarity the original tweets (2) to us were:
"hey, needing help with unpaid balance, my account was recently taken over and it happened a few times in the past month but when I virus scan and even delete files I still don't know about I'm still getting screwed over and now I've received numerous emails sayi...
Read moreRead moreUPDATE 2I want to give a huge thank you to Mod SteveW for taking the time to look into this, and anybody else who took this seriously and tried to help, and making me feel like I did the right thing. I very much would have regretted ignoring this whole situation. I Hope the very best for the player in question.
UPDATE1 He logged back on and told me he said he loved me and that he almost killed himself... I'm going to do my best to keep in touch with him and make sure he doesn't do anything he would regret...
ORIGINAL POST He is even saying he will live stream it. I dunno if this guy is serious but he's telling me his best friend just commited suicide 3 hours ago and he is going to do the same thing to be with him... I've heard of mods calling police on players doing this before. i'd like the same to be done somehow or something please??? He just logged out not sure if he will log back in but i'll send pics of h...
Update: I was notified just before 3am today that the player we were concerned about had logged in again - a good indication that he/she is safe :)
This isn't a dig at you guys, you did a phenomenal job here, but I just want to point out that a lot could have happened in the 36 minutes it took to risk assess and escalate that report...is there a faster way to get someone at Jagex's attention? It sounds like the fastest way is to contact the police and have them email the lawcontact address. But I'm sure even that isn't monitored 24 hours is it?
It is monitored 24/7.
Would it not be prudent to have a way to specifically report high-risk situations like this?
I mean, the closest thing in the report rule-breaking interface is "breaking real-world laws".
That is the right route, response time for review on those reports is a few minutes
Thank you so much for responding. Had to go to bed due to work in the morning, just waking up now. At this point all I have is his rsn and the fact that he is in the military. I tried to get more info out of him, even went to him in game just to chat be with him but couldn't get more than the fact that his ptsd has been really bad and that he was having a really bad night.
An update would be great hopefully we get to find out he agree's to getting help or something. Thanks again for doing what you guys are doing, really going the extra mile like I knew you most likely would once this was noticed <3
Happy to help. I haven't heard back from the Police although it is common to not hear anything further. I have supplied them with all the info they need, although I am guessing they will need the cooperation of the ISP in the US to identify the user, unless the UK owner is able to identify them.
Having read the full chat logs, the good news is that I don't think the person is at great risk, as there is some additional context in their full chat logs that you won't have seen which is a bit more positive. That said, we obviously want to make sure all is well.
We've also sent some professional wellbeing advice and offers to access professional support channels in a message to the accounts inbox.
I've made arrangements for our law contact email channel to be checked every 10 minutes or so over the next 5 hours, just in case the Police get in touch - I also have someone refreshing game access logs to see if the person identified logs in again/reads the concern me...
Read moreHey
Did you report this incident in game ? If you did we will already be aware of it. If you didn't please call your local Police to report it. Tell them they can contact us for details on the player and chat logs if they need them by emailing [email protected], we will respond within a few minutes of receiving a genuine request.
You can also send your account name and the account name of the person who may be at risk to that email address in this situation.
Thanks
OK I can update on this - we received the report in game at 07:16 UK time this morning, it was risk assessed and escalated at 07:52.
The account belongs to a UK user but the incident relates to an American user the account is shared with, and we are now working with the UK and American Police to arrange a welfare intervention check.
We have 3 people working on this trying to identify the details of the person we are concerned about.
OP - if you have any information that may help us identify who the person is please do email [email protected] urgently.
Read moreUPDATE 2I want to give a huge thank you to Mod SteveW for taking the time to look into this, and anybody else who took this seriously and tried to help, and making me feel like I did the right thing. I very much would have regretted ignoring this whole situation. I Hope the very best for the player in question.
UPDATE1 He logged back on and told me he said he loved me and that he almost killed himself... I'm going to do my best to keep in touch with him and make sure he doesn't do anything he would regret...
ORIGINAL POST He is even saying he will live stream it. I dunno if this guy is serious but he's telling me his best friend just commited suicide 3 hours ago and he is going to do the same thing to be with him... I've heard of mods calling police on players doing this before. i'd like the same to be done somehow or something please??? He just logged out not sure if he will log back in but i'll send pics of h...
Hey
Did you report this incident in game ? If you did we will already be aware of it. If you didn't please call your local Police to report it. Tell them they can contact us for details on the player and chat logs if they need them by emailing [email protected], we will respond within a few minutes of receiving a genuine request.
You can also send your account name and the account name of the person who may be at risk to that email address in this situation.
Thanks
Dude could've bought 64 years worth of bonds with that money and gets 1 month membership as compensation.
Also while Jagex responded they somehow forgot to mention how the hijacker bypassed the pin. Hmmmmm.
Also while Jagex responded they somehow forgot to mention how the hijacker bypassed the pin. Hmmmmm.
I can't tell that, I can say that the hijacker had not logged in days before and begun a cool down, so they knew the PIN on the day they gained access, whether it was shown on stream, guessed, I don't know .. the info I can see on PINs is very limited
It amazes me that you guys can give people access to accounts like that.
I asked for my old account back where I had literally all the information available. I admitted to sharing the account with a friend back before it was openly accepted. I was told that they had enough proof that I had been playing on the account since creation and despite having all the correct information, I wasnt allowed to recover simply because the account wasn't registered by myself.
I fell out of contact with the friend who I created with and the account has been since lying dormant.
And they say it pays to be honest...
I wasnt allowed to recover simply because the account wasn't registered by myself
Unless I've misunderstood you, that is exactly how it should work, if you are not the account creator, you have no claim on the account?
Thank you so much. I just hope after my own recovery request they’re not able to consistently try to recover it with the previous information gathered. Once again, thank you so much for your effort in this situation. I can’t thank you enough for clearing this up, & I hope to have my account secure again. Much love
The cleaning of the account should ensure that malicious recovery is not possible again. If there is anything we can do to try and put a smile back on your face just let me know. I have added 1 month of membership to your account free of charge, I didn't mention that in my first post as I didn't want people to think I was attributing that value to your loss and I thought it would be a small 'pick me up surprise' for when you next log in.
Read moreUPDATE: My account seems to be in my hands again. THANK YOU so much to everyone in this subreddit who helped me with this situation even with a simple up vote, I don't know if this could have worked if it wasn't for your help. Just want to thank Mod Stevew for his effort in this, and for his awesome customer support on this thread. If anything else happens to my account I will update further, but for now it seems to be secure in my hands again. :)
Original Post: My username is Nelsi, & my account was recently hijacked today. They were able to recover the account somehow & were able to bypass using my email to gain access, & somehow have linked their email to the account through the recovery system. I have authenticator, pin, secure username, pass, never clicked any links etc.
I have checked my crystal math labs & it seems that they’re using my account to stake. I don’t care about the money I lost I just need help getting my account locked and returned safely. Any h...
Hi,
I've had a chance to look into this unfortunate situation. The first thing to get straight is that this has absolutely nothing to do with any staff misconduct or similar. This situation was caused by a very persistent, motivated person who was set on gaining access to the account.
They have obtained various pieces of key information relating to the account, likely over a period of several months, sufficient to submit a credible recovery request. Information included log in, creation date, creation ISP, creation location, postal code and some passwords - with some of this information stretching back over a number of years.
This person also attempted to mask the location that they were submitting the request from and make it appear that it was being submitted from the owners location. That doesn't fully work and we are able to spot it, but it does also mean that the owners location is known, as the hijacker knows where to try and make the request appear ...
Read moreVasilis is the account name. Thank you very much for your help in this, you have gone above and beyond in this matter.
ok all sorted you just need to set a new pass
it is not at the time, i made the account a member with a bond but it still does the same thing. click the link then sign in, then takes me to normal account page
OK I meant is the account a member rather than game access from a Bond - anyway ping me the account name and I'll take a look
After clicking the link and signing in it doesn't allow me to submit an appeal, just takes me to the account page.
Is the account a member?
Read moreI believe i was wrongfully perm muted roughly 3 years ago, immediately after buying 1 year of membership to save money, it was for severe website advertising which i cannot imagine myself doing. i appealed twice but was not reinstated or shown any proof of why i was muted. The website said it cannot show me evidence because they do not want to give away their detection methods. After being perm muted it made it hard to participate in the activities i enjoyed in the game like bossing with the clan i was apart of. every once and a while i would go come back to the account to try and play without the use of a chat but it just wasn't the same. i have spent more days than i care to admit on this account and frankly its very upsetting that this happened. over the past three years or so i would research how to get an account unmuted periodically, but never had any luck until i came across a Reddit post from about 7 months ago with someone describing my exact situation. ...
Here you go - Appeal a mute
Is it possible i can send a message from my account (OuntoNation) and you can pick it up? If so, where should I message? I realise this is my last chance to prove my case and I understand I will not pursue this any further after this case is finished, I just need one more chance to detail some events I have not disclosed on my Reddit post, if you can hear me out on this one occasion I would greatly appreciate it.
You can send a message, and mention me in it if you like - I struggle to see what you might say that could change anything but everyone deserves the chance to be heard of course.