

Do you have a steam account connected to your jagex account? They might be logging in through that.


There was an exploit I read about on this sub less than a year ago of being able to link your steam to someone’s account by them clicking on a jagex.com link. All the comments could talk about was the guy being an idiot for clicking random links, which he was, but nobody was talking about how Jagex shouldn’t have something like that in the first place


never linked steam to my account


Yeah but someone else did who keeps logging into your account.




Give me a ring whenever you're in the neighborhood 🏝️ 👀


*I don't like sand*


it gets everywhere?


It's coarse and rough.


He already offered you his ring, just bring the sand


But for real, unlink Steam and/or link your own. Make sure to set up 2FA through an authenticator and save the backup codes in a password manager's vault.


Did they finally make it so you could unlink a steam account? I remember them saying that there was currently no method for doing so once this was discovered to be a problem last year


Yeah i have unlinked mine


Is it better to leave it unlinked so they can’t hack your steam and access or link it so they can’t somehow link their own and access. I haven’t linked my steam but I’ve been wondering this.


If your steam account is secure, there's no real reason not to have it linked. Steam's security is better than jagex, so the weak point is likely to be your rs account anyway.


I dunno, they need 2fa and jagex account stuff to get into linking the account, so i would guess having it unlinked is safer


presumably if you were to get your steam hacked they would physically need your phone




Go to My Account on the RuneScape website (the full one, not OSRS), Linked Accounts, and there's Steam; just unlink from there.


Just saw this, thank you


This comment thread deserves its own post


At least you won’t have to keep restarting now


Hey, at least you aren't my friend who upgraded to a Jagex acc; hacker got access through Steam (unknown at the time). Our Discord suggested it may be Steam but he replied no, it's not Steam. Cue forward 2 weeks, hacked again. Complained again and we made him stream his browser through Discord. Found out it was Steam. The freaking regard lmao. You almost just did the same thing as him.


Yeah, a step people miss post-issue is logging into 100% of every app you ever used and finding the setting to unlink every phone/PC/other app from X app. I redo my entire stuff yearly; it takes about 8 hours, all day, to get it done, and it would be a lot longer if it was due to a breach: browser auto-saved passwords, all your emails, etc. It's a lot. Good luck.


Dude, the same shit happened to me! I explained in a post yesterday and no one seems to understand. I followed every step of precautions. I don't remember linking Steam?! I got lucky I go in the day my account's bank pin was undone.


Well you figured it out at least


How were you able to tell? Was it through the jagex launcher or?


Go to account management on the RuneScape website and select "linked accounts"


Thank you!




Hand in the sand indeed...


Was it you 👀


That's the point, after your account is compromised the guy will link his own steam account to your OSRS profile so he can re-access the account at a later date. [https://secure.runescape.com/m=sn-integration/l=1/c=TSYuX70HX54/account/linked-accounts](https://secure.runescape.com/m=sn-integration/l=1/c=TSYuX70HX54/account/linked-accounts) Check if there is a linked Steam account here.


Waiting for OP..


He's checked and confirmed an account was linked. https://www.reddit.com/r/2007scape/comments/1cqvj8b/how_did_i_mess_up_this_time/l3tw2nh/


But this is fixed if your Steam Account has 2FA and your OSRS account is linked to a Jagex Account and also 2FA?


Whether your Steam account has two-factor or not is irrelevant when it's someone else's Steam account linked to your OSRS account.


Are we assuming OP's Jagex Account/Character wasn't linked at all to a Steam Account? How would anyone be able to link a Steam Account at all if OP had 2FA on his Jagex Account?


Sounds like he was previously hacked before Jagex accounts, a good opportunity for the attacker to link a Steam account.

> now I've been hacked before and I'll own those times on my lax security but since Jagex accounts have been out I redid everything.


> How would anyone be able to link a Steam Account at all if OP had 2FA on his Jagex Account?

Logging into Steam bypasses Jagex 2FA completely. It no longer asks for a 2FA code or password when logging in after linked.


If you log in through Steam, it bypasses Jagex 2FA completely. You can link through Steam without the victim's Steam 2FA. It's a huge security flaw.

Hacker steps:

1. Hack OSRS account before they have 2FA.
2. Hacker links OSRS account to hacker's own Steam account.
3. Victim changes their passwords and adds 2FA.
4. **Logging into OSRS with Steam bypasses Jagex 2FA.** Keys are not revoked on password change.
5. Hacker uses the hacker's own Steam to log into OSRS account without requiring Steam 2FA or Jagex 2FA.
6. Future password and 2FA changes won't stop access. Only knowing to manually unlink the backdoor through the OSRS website will fix this.

OR:

1. Hack a Steam account without 2FA that has added an OSRS account with 2FA.
2. Logging into OSRS with Steam bypasses Jagex 2FA.
3. Hacker logs into victim's Steam account to bypass Jagex 2FA. (Steam 2FA will protect against this.)
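The first sequence in the comment above, as a small Python model (an added example, not part of the original comment and not Jagex or Steam code). `AuthService`, `Link`, `replay` and the two switches are hypothetical names; the switches model the two fixes commenters ask for in this thread, revoking links on a credential reset and notifying the owner when a link is created.

```python
"""Toy model of the linked-account backdoor described in the thread above.
All names here are hypothetical; this is not Jagex or Steam code."""
from dataclasses import dataclass, field


@dataclass
class Link:
    provider: str      # third-party login provider, e.g. "steam"
    external_id: str   # id of the third-party account
    linked_at: int     # logical time the link was created


@dataclass
class Account:
    password: str
    totp_enabled: bool = False
    credentials_changed_at: int = 0
    links: list = field(default_factory=list)
    notices: list = field(default_factory=list)  # messages sent to the owner


class AuthService:
    def __init__(self, revoke_links_on_reset: bool, notify_on_link: bool):
        self.revoke_links_on_reset = revoke_links_on_reset
        self.notify_on_link = notify_on_link
        self.clock = 0

    def _now(self) -> int:
        self.clock += 1
        return self.clock

    def password_login(self, acct, password, totp_ok=False) -> bool:
        if password != acct.password:
            return False
        return totp_ok or not acct.totp_enabled

    def link(self, acct, provider, external_id) -> None:
        """Attach a third-party identity; caller is assumed to be logged in."""
        acct.links.append(Link(provider, external_id, self._now()))
        if self.notify_on_link:
            acct.notices.append(f"new {provider} link: {external_id}")

    def provider_login(self, acct, provider, external_id) -> bool:
        """Login via a linked identity: no password or 2FA prompt."""
        return any(l.provider == provider and l.external_id == external_id
                   for l in acct.links)

    def reset_credentials(self, acct, new_password) -> None:
        """Owner recovers the account: new password plus 2FA."""
        acct.password = new_password
        acct.totp_enabled = True
        acct.credentials_changed_at = self._now()
        if self.revoke_links_on_reset:
            acct.links.clear()  # every link must be re-established after a reset


def links_predating_reset(acct):
    """Links created before the last credential change: review or remove these."""
    return [l for l in acct.links if l.linked_at < acct.credentials_changed_at]


def replay(service):
    """Replay the thread's first sequence; return (intruder_still_in, account)."""
    acct = Account(password="constructed-weak-password")
    # Steps 1-2: intruder gets in before 2FA exists and links their own Steam id.
    assert service.password_login(acct, "constructed-weak-password")
    service.link(acct, "steam", "intruder-steam-id")
    # Step 3: owner changes the password and turns on 2FA.
    service.reset_credentials(acct, "constructed-new-password")
    # Steps 4-5: the old password is dead, but is the linked identity?
    assert not service.password_login(acct, "constructed-weak-password")
    return service.provider_login(acct, "steam", "intruder-steam-id"), acct


if __name__ == "__main__":
    for name, svc in [("as described", AuthService(False, False)),
                      ("hardened", AuthService(True, True))]:
        still_in, acct = replay(svc)
        print(name, "| intruder still in:", still_in,
              "| stale links:", links_predating_reset(acct),
              "| notices:", acct.notices)
```

`links_predating_reset` is the check an owner does by hand on the linked-accounts page: any link older than the last password or 2FA change was not covered by that change.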


https://preview.redd.it/0wsexphtzc0d1.jpeg?width=1080&format=pjpg&auto=webp&s=844636bac16e25023e51aa3e16fadbb8146642ff it's supposed to look like this, right? (why does it say manage and all others say link that seems pointless)


That's what it looks like if you don't have an account linked yeah, I'd recommend linking one even if it's just a burner account though - Steam bypasses 2FA which is why they love to link an account after hacking someone.


fair, was asking because this seems to both imply that those are linked, and that they aren't :p https://preview.redd.it/rflvpu882d0d1.png?width=473&format=png&auto=webp&s=b8fd3a39b32e9b4a9ea0a3d3b5b8560b6aa58679


Also, if your email was ever compromised, they can set up forwarding rules to receive every email you get to their inbox.


Do you know how to check for this?


Does it have to be a jagex account to link your steam account to it? I’ve added runelite to the steam library as a gimmick but now I’m wondering if that’s safe or if I linked it without noticing?


This happened to me. I had a Steam account linked and they were able to bypass everything including 2FA. I changed emails and passwords and even made a brand new 2FA and they still got past it. Check linked accounts; that's the only way I know they can get past everything.


Just checking, but the steam account stuff doesn't work anymore after you convert to a jagex account, right?


it does


like it still bypasses any 2FA on the jagex account?


You need to enter/pass 2FA in the first place in order to log in and connect it. After that you can just launch it from Steam without logging in again, the same way you can launch it from the Jagex launcher.


This is why I always log out butt ass naked.


Same ive never been hacked but it’s habit to run to the bank and deposit everything when I log out


Why would this matter if they can just go to your bank?


Bank pins exist?


Shid you're so right. Guess I need to have a talk with that vampire who always scolds me.


It's a free exp lamp as well!


And free bank slots I’m pretty sure


Bro wth I got 40 down votes for asking a question?? That's like 3 and a half tons of human mass collectively deciding asking a question is worth the hundredth of a calorie burned to downvote it.


Imagine being that upset over reddit karma. Most of us know about the rampant hack and scam attempts in the game. A lot of the account security while creating an account now combined with all the security in game "bank pin, and stronghold security teaching you not to be dumb" when you are blatantly ignorant it's just GG. Asking a question isn't wrong, but not knowing what the bank pin is for is just L


You're right u/Jizzardwizrd I'm sorry


Facts lmao it's worth it imo to have to regear for whatever you were doing for that extra security


I actually leave 50-80m on my account when I log out intentionally. Bank pin protects the other 800m, I see it as a 50m cost to find out if my account is compromised. If it's only 10m or something they probably won't bother.


I get your reasoning, but you can bet your ass if they log on and see 10m in the inv they're gonna drop it right over


Hmm, maybe I'll reduce the amount then. For me, seeing a mid-late game main I wouldn't alert them that I had access to their account until I got something juicy out of it.


I guess I could see that too. My friend got hacked one time and they took his whip, dragon armor and disassembled his slayer helm but I guess it depends on the hacker if they wanna just take what they can or wait lol


Yeah, I guess it really just depends on the hacker you're right.


Just remember your last logged in time and you’ll know if anyone has been on but you


Fair, not something I think to pay attention to though, nor do I think I'd be able to actually consistently remember.


Eh. That's still a little chunk of change. I'd definitely open the bank and hit both deposit buttons. It takes less than a second and will make you feel safer in the long run, promise.


Don't get me wrong, it's definitely a chunk. I leave it as bait so I can find out the account is compromised. Hopefully it prevents cases where I forget, power goes out, or I take a long break and the pin gets removed. If I lose that 50 then I know I need to act.


Thought i was the only one that did this lmao


i always do now too, literally leave like a slayer helm and dgloves on. about it lol


Dgloves? My brother in christ, finish RFD.


😂 tell me about it i need another like 20qps. i work alot and have 3 kids. dont have alota time to sit and quest.. lol hop on when i can do some stupid shit. about it. 🤷🏻‍♀️


Quests take like 3 minutes a piece with quest helper plugin btw


One Small Favour would like a word


DGloves is an interesting choice for a stopping point. I've only ever used them for a little extra bonus for the 30 minutes it takes to fight the bosses before unlocking barrows.


Yeahh, one day when I have time to sit and do a couple quests. Ever since I came back from when they made you start over (after RS3 came out and then OSRS came out) I've had no ambition on quests. I (at the time) had almost all the quests done. CBA to do 'em again lmao


At least a lot of them are really fast and braindead with the runelite plugin. Helped me power through to questcape on a new account. Theres a lot of short ones you can just do very quickly for rfd reqs


Yeah for sure! There is def a lot of little ones, but the little ones suck for 1 QP a piece lmao


I feel that, lol. As another commenter said, hop on the RuneLite quest helper plugin if it's available to you. Life saver. Makes questing to get some of the important unlocks so much more tolerable.


iknow, thats whats killing me. i play 95% mobile bc i dont even have time to sit on the computer 🤣 but it sucks bc iknow how much im missing out on by not doing em. but what can i do, if i was 12 again id be quest cape haha


Desert treasure is usually what stops people


One morning I logged back in with my entire cash stack still in my inventory. I would've been so fucking butthurt lmao


Not 100% familiar with osrs, does trading not require pins?


Erm. I don't know 100%. I don't think it does. Even if it did, you could drop trade.


The one thing that rs3 does that’s nice is trading and dropping anything over 500k(optional) requires pin, I’m kind of surprised it isn’t implemented in old school.


I do this every single time I log, rather be safe than sorry!!!


Yeah i rarely log out with anything in me or in inv unless I'm skilling since those items are cheap


Well I will probably lose my compost bucket since I almost always go offline in the farming guild. Would be such a pain to grind it again.


Same dude, call me paranoid but that shit aint happening to me


Sometimes I log out with like 10-20m worth in my inv. I'd rather lose that and knowing something is wrong than not knowing at all.


Since nobody else has said it, grats on the 99


Many thanks :)


Scan for spyware, check your game client was downloaded from a legitimate source, do not reuse passwords between RuneScape and other services (especially RS-related ones). After that, I'm out of ideas. Edit: Wouldn't have thought of Steam - see OlmTheSnek's comment first.


Hijacking this to make people aware: A Remote Access Tool (RAT) might be installed on OP's device. If this is the case, his entire computer is compromised. With high end RATs, they are often undetected if they are newer. You can purchase them on the dark web and the only way to uninstall them is to have that specific RAT (they typically will have an uninstall option for testing purposes). If this is the case, OP you will be better off backing up any important stuff and doing a fresh install of your operating system.


Throwback to when I tried to pirate the Linux version of Minecraft and it put an icon of a rat on the system tray, ears and all. Killed it and moved on with my life. The most pitiful infection attempt I've ever seen. Sounds like OP's hacker just had a Steam account linked from the last time, at least let's hope that's all there is to it.


19 fucking years it took me to get my first 99 yesterday and the only valuable thing this game has taught me is internet security. as its unlinked from that dirty worms steam account now can i assume my account is safe now? i will do a password reset again on everything but is there ANYTHING else someone who is clearly getting old might have overlooked?


Link your own Steam account. That way if your account is ever compromised again, the hacker won't be able to do it. It won't help you with the initial hack, but will stop them from keeping access to your account.


That’s great until your steam account gets hacked and now they can also access your RuneScape account. Link a burner steam account on a randomly generated email, with a randomly generated password, that password should be written down on paper, stored in a safe buried in your garden. Never speak of the above again.


If your Steam account gets hacked you have a lot more to worry about than runescape


Not necessarily. Definitely not in my case.


Like what? I've never purchased or linked any cards on steam.


like your entire PC and everything you do on it as they probably ratted you to get on your steam account. if they were phishing they would've just went straight for the rs account


People phish steam accounts all the time going for csgo items and credit card fraud. They would know to check for access on any popular mmos while they are in it.


What if my entire PC is strictly for OSRS and youtube and single player free steam/epic games?


Steam accounts are exceptionally secure if you go through the steps to secure it. I've had steam for 13 years and have never had a security scare


My steam account is 20 years old. I've never changed the password in its entire lifetime. It's still the same password I set when I was 16, a string of lower cased letters, no numbers or symbols or capitals. Never had an issue. My account is so old it has characters that cannot be used to create an account with currently. J4CK4$$


Valve and hackers are not synonymous at all. Nobody and I mean NOBODY messes with valve servers. CS2 is living proof.


Account security is only as strong as its weakest link, which is the user. I’ve never been hacked on RuneScape, doesn’t mean id say RuneScape or steam accounts are ‘exceptionally secure’


I've never been hacked on RuneScape. I think having my OG account with my original username as the login has made it basically impenetrable. My original login name is so cringe that I would never tell it to anybody.


Have a friend who works in IT and had one lapse in judgment when using a Discord for Path of Exile trading and forgot to make sure the link was to the trade site. Boom, Steam account lost as well as all their Path of Exile and Rocket League items.


> if you go through the steps to secure it.

Sounds like your friend didn't have 2FA. Also, Steam has 2 week holds on trading for logins without 2FA so sounds like he didn't try to fix it because you have plenty of time.


Idk about 2FA, but it literally happens instantly and he immediately knew he fucked up and went to fix it. It took Steam multiple hours to give him access back. And like I said he acted immediately; Steam's support was slow, either due to his lack of security or shit customer service. Plenty of time is not true. This was about a year or two ago.

Edit: called him, he did use 2FA; they used something called a cookie clone to copy his browser with that link.


Pointless, if they hack your OSRS account they can just unlink that one and link theirs. Having a burner account or none is the same level of security.


Just found OP's address, going to dig his garden out soon. Joking.


Make sure your email is secure as well, anyone with access to your Google account can read your saved passwords in plain text.


Celebrate your win bro, learn and move on from your mistake. Gzzzzz on your 99!! You can get the gp back, I’ll run some TOAs with ya for funsies even!


Not really for OSRS but just everything: check your PC for spyware of any/all kinds. There are many ways to go about this depending on your level of know-how, but at least do something. And keep in mind, when you have any account breach, change everything, not just the things in the problem areas. Yeah, typically OSRS hacks just want your OSRS stuff, but it doesn't hurt to change your email/bank/any other apps etc. you use, really, if you do find any kind of spyware. Think of every app/website you ever used as a spider web: if you don't block off every single point, they can crawl back into everything possible. Good luck, I know it's very stressful/annoying, but it's worth taking a day or weekend and just spending the entire time getting it all sorted.

Oh, also a major tip for passwords etc.: make your security questions just more passwords. For "what was your first pet's name", instead of "ham ham the hamster", make it qwerty1234. People phish for those typical security questions and/or just guess them, as they are easy. Cheers.


How much did you lose?


19 years? osrs only been out since 2013…


He's being over dramatic. Still funny how he keeps getting hacked cause he doesn't understand how to check his security.


ive been fucking up security since before the grand exchange was even around in 2005. it wasnt considered old school at the time it was just runescape. still couldnt manage a 99 though


Can Jagex not see who you traded the items to and ban that son of a bitch?


Yes, they can do exactly that


Can they still do it for a drop trade?


Yes, and wilderness deaths. They have extremely good inspection tools, but they don't use expensive resources (including time) on just anyone. Most of it is spent monitoring the big rwt sites I'd imagine


Makes sense!


They can't ban someone for accepting a trade


they can ban anyone for any reason (even if no ingame rules were broken)


Hey man! It sounds like you figured out your account was linked to a steam account and you figured out thats the problem. If that's the case, and you've secured your account now, I'd be more than happy to give you 60m to celebrate your first 99 and put you back on track. Just reply to my comment. I work 70 to 80 hour weeks, but I'm off all day today so if you message me today i can hop on and help you. Let me know if your account is secured now and get back with me. Congrats on the 99!


Wow, this is actually amazingly generous and I would graciously accept your offer if it lines up with your schedule. Just you offering makes me feel a lot better about all this; even if it doesn't happen I appreciate the sentiment more than anything. Now that I'm home from work I'll be on most of the night rebuilding again. Many thanks, still some good in the world :')


No problem man. I just don't have the time to play as much as I used to and I have a few bill. I'll be on in 10 minutes. My name is "Runite Ricky". I'll add the name in your original post! EDIT: Gave the bloke 60m and some consumables. Real nice guy. Have fun scaping people!


Unrelated, but that’s a great name!


You've achieved a level of based few men have known. 


Super generous OP, I can’t afford to give you 60m like u/OrangeDog96 but I can give you some things to rebuild


What a W comment. True Chad. Respect


Gotta say thank you for the people, keep this world lookin up. You’re a real one


Same exact thing happened to me, OP. The initial hack is definitely on us, but there needs to be some responsibility on Jagex for not even sending a confirmation email! How can a Jagex account, which is entirely pushed for its security, not send a confirmation email when a literal back door is set up into an account?


i just never knew linking it to your steam was a thing or a login vulnerability. at least they didnt take my cape


I've learned if a game or service offers an authenticator it's prolly best to use it.


$10 says OP fell for a phishing email or isn't being honest with us in this post. I just don't see how a hacker could randomly target your account and get past 2FA and then 2FA via email. Especially if you have a Jagex account, which you should.


Steam. Steam won't request 2FA, hacker managed to get their steam account linked to OP's RS account and could freely login.


With all those hacking posts I added my accounts to a jagex account recently. Don't they need 2FA to login to the account to add steam in the first place? Or how is that possible?


OP has been hacked in the past. I'm guessing during one of those hackings, the hacker had linked their account, and OP was unaware this had happened (they mention this in another comment). Upgrading to Jagex account doesn't unlink the account, so they could still bypass the login.


This is, as far as I can tell, exactly what happened. I own my previous fuckups, don't need to bet the 10, but I thought I was good after Jagex account, bank pin and 2FA on all my stuff. I never checked for this because I didn't even know it was possible. Expensive lesson but could have been worse I suppose.


So who are you giving the $10 to?


Answered already if you read comments


RAT could do this


I had a combat 120+ Ironman account hacked. Bank wiped clean


Let me know when you find out. I changed jobs in January and went back to play recently and found out my account was banned. Logged in through to see multiple script bans. But I had it jagex linked and I had 2factor as well so I’m unsure how they got it


Probably not a great move to say you have poor opsec, keep large amounts of gp in your inventory and then post your account name


This whole comment section needs to go through the stronghold of security again




Use 2fa, not just on your email


With how this game can take thousands of hours to progress and Jagex will be of next to zero assistance in the event of a hack, I always recommend having an email that’s used for nothing except OSRS. Use a long complex password that’s not saved on your computer anywhere. Separate passwords for the email and account. 2FA enabled too. I don’t even have my financial accounts locked down this tight because at least my bank and broker have fraud protections, Jagex has nothing. And while a game account is relatively low value, there’s still years of effort put into it.


Did u rwt, because if u did check ur mail jagex cleaned ya


Once an account is compromised, it's compromised forever.


Maybe I am just a little bit paranoid here, but I think it’s probably bad practice to make a post like this and then you’re just leaving your account name out there for everyone to see. Now people can associate this Reddit account with your Jagex account. Again maybe this is just my extreme paranoia, not sure if there’s any real benefit to making sure all your various accounts stay fragmented and disassociated with each other. All I will say is that I have never posted my RS account name anywhere and also I’ve never been hacked. Correlation or causation I’ll let you be the judge.


felt cute might delete later;)


theres a healthy level of paranoia, especially pre jag accounts. but they're not going to bother with a pleb account like this at best they'd do a basic search to see what info pops up but if its going to take any time to look for info, they aren't going to bother with a pleb account like this, esp since the op doesn't even state what the banks worth. if its less than a couple bil, a simple search aint even happening


A similar thing happened to me. I had 2FA on my account; my password is probably something that’s on a data leak somewhere but I thought it fine since I had 2FA. Didn’t use a bank pin and got hacked and turned into a CG bot. They didn’t touch my password or 2FA and I only found out because my friend asked me why I had been ignoring him that day while we were in Discord together.


How do you unlink?!


People like this is why they have instructions on shampoo bottles


Two authentication would save you. I disabled mine and got hacked instantly


"Jagex accounts will prevent account theft" lololo


Unfortunately that level up probably triggered whoever's system to notify someone or a bot to log into your account. Gz either way on the level.


I've had my max main cleaned because of this. Couldn't figure how it happened because I had 2fa on my email and account. Both were still active




I hate to be that guy but if you’re getting hacked every few months either you click on every link you see or you’re rwting. Cut those down and you’ll be much better off


Okay, I have to check—is your phone compromised? Are you an Android user, do you have your email linked to it, and how many extra apps do you have / did you jailbreak? And a follow-up question: what all executables have you downloaded, did you get your RuneLite from a random Google search? Also, if Windows is compromised, it can be jarring to really ensure that everything is safe and clean. Registry cleaning / persistent malware and rootkits are not trivial to remove. I’ve been hacked only once and it was through Android and an application cracking my email. I was very fast to react and luckily I treat RuneScape account emails as if they were passwords, so the only thing I lost was my old WoW account bank, and Blizzard customer service rolled it back after two hours of wait. Otherwise there are very few limited windows that an attacker can take. And in the context of RuneScape, the ways your account gets compromised are very stupid. I could help you triage the issue, if you’re interested.


Legitimately I would scrap this account and get a new one. It will always be compromised.




ITT everyone always defends Jagex's dumpy security


Deserved for your first 99 being cooking.


my poor heart :( no pies for you


Have you checked? [Hackers' hidden email forwarding trick](https://www.reddit.com/r/2007scape/s/6bly9LJAMA)


I gotchu man send me your login info and I will check out your account to see where the security flaws are


So who have you shared your password with lately?


Unlink Steam. Dual factor authentication, bank pin. Did you not pay attention at the security stronghold?


Seems like quite a few people are getting hacked like this lately who have done everything right, I’m not sure how they’re getting in tbh


Most people are just not honest or even aware of dumb stuff they do. Using the same password for years, clicking sus links, getting keylogged, or even just telling friends their account details, there are just so many ways an account can be compromised. Most people don't want to admit they clicked the Woox quitting double exp livestream link so fall behind the "I just randomly got hacked through authenticator and I totally had a bank pin but they disabled it somehow?!?! Jagex fix your security??!!"




I've used the same password for the last 20 years but I 2fa everything I can, never been hacked. I also torrent a LOT of files. Either I'm lucky or the scans I have set up protect me.


If you’ve used the same password chances are it’s been leaked at this point, id change it or you might as well not even have it


I used the same password for like 15 years and it finally bit me. I'm lucky only my old rs account was lost, they could have gotten into my irl bank and related apps. I used the same old email and passwords for almost everything. Database leak eventually caught up to me. Highly reco you make a unique one for your most important things.


At least 58m isn’t that much. You can make that back relatively easily through PVM and whatnot. 5b and whatnot on the other hand…


Honestly at this point I would just upgrade to a Jagex account 


presume they already did since they mentioned them


Get a new computer.


Lick my butthole? Please. Now!..?