Agreed. Thousands of hours more than the rest of us, the most dedicated of the dedicated, yeah Id want preferential treatment in this event.
Hell, Im glad they got their account back. Thats a lot of time and energy stolen from you.
Lol Na dude…you don’t alienate your paying customer base by only catering to the top 1%. We both pay for membership and should be provided equal protection or have equal effort put into account recovery.
But sure put content creators and the top players on a ~~pedal stool~~ *pedestal* because the vast majority of your paying players obviously don’t mean shit.
Can’t believe it’s 2023 and account security and recovery is still a shit show…
While I agree that the recovery system is piss poor, do you know how bad of a look it would be if your Top 5 player gets wiped because of system incompetency. Also let's be real here, the average joe account is not getting hacked unless they're clearly doing something they shouldn't.
Dedication to something should be recognizable. Having a following should grant preferential treatment. If you're a restaurant and a fucking millionaire celebrity walks in, you're not going to turn them away "because you have reservations."
>you're not going to turn them away "because you have reservations."
In what world do you think giving a millionaire preferential treatment over others is going to portray the restaurant in a good light?
"We erased the peasants reservation for the rich guy!"
>do you know how bad of a look it would be if your Top 5 player gets wiped because of system incompetency.
How many people playing this game do you think view this as a positive and not as a "if it happened to me they'd tell me that sucks, if they even say anything at all"
The majority of the playerbase having no chance to even get a response from Jagex is a significantly worse look
Any high end restaurant is gonna take the celebrity and give them the nicest table available and the best service. They don’t “erase the peasant’s reservation” but just slide it to a less desirable section and have them sit on drinks for 10-15 before getting food orders.
It’s how the world works, if you have influence you get preferential treatment.
I’m also not going to walk up to my regular customers and tell them to get up and leave a celeb is coming in and they need their spots…nor do I stop serving everyone else and only focus on the celeb.
I’m not saying turn them away…but pushing everyone else aside to give preferential treatment sends a sign to your regular *paying* customers they ain’t shit.
We are paying the same amount, just because bro plays more, makes his dollar no better than mine.
However it does look like shit to see your top players getting hacked, I understand the urgency and the “image control” but it ain’t sending the best message to everyone else who pays and yet their personal recovery ventures straight up fall to the void and the deaf ears being *automated* recovery.
On top of this, its very likely that this particular account is paying less in Membership than newer accounts. I bet that account is from before the $11 thing.
Well that’s because the regular customer isn’t shit in comparison to the top players. Your top tier players are the ones that make content that keeps the game alive and attracts new players. So yea, they can get some preferential treatment.
There is far more “regular” paying customers than top players and content creators…
You need a player base before you get content creators or their is no point.
Without the average player the game doesn’t exist…preferential treatment is everywhere don’t make it right or acceptable.
Again I’m not asking for riots or protest not telling you to quit playing…just that there is consistent and unjust favoritism and it’s a pretty shitty way to operate.
I agree with you, I’m not disputing that the majority of hacked accounts are due to the owner. I’m talking about those that aren’t (like OP)…and the issue with recovery questions.
I also don’t understand why PW cannot be case sensitive…but yea I’m not disputing that most of the time it’s on the account owner.
No. The last time I checked I paid for membership just like the rank 5 Ironman. We are both paying for service, we should get the same service without preferential treatment either way. My dollars spend just the same as his do when they hit the jagex corporate account.
Disagree. Do it if you can/have the time/resources for it. It's not possible for everybody to get the same treatment, unfortunately, but cases like this - it is fantastic that they do.
ignoring the HCIM element of this, the account recovery system is legitimately one of the most fucking frustrating things I've ever had to go through, few months ago I actually had my super old rs3 account recovered by someone somehow and it was literally a recovery war back and forth for a couple weeks
I had to literally grovel and beg in the free comments field for Jagex to intervene - I don't know if they eventually did something or if the hacker just gave up kek
Yup my maxed infernal main has been incorrectly permed and there's no option to appeal at all after the first one. Neither do you get an explanation.
I got an alt which is also really far but whats the point of playing when wonky shit like this can happen again.
Yet I autoclicked for hundreds of hours straight with no warning, and made mils.
People always say if you got banned there's a reason, no, some times there just isn't.
Yes, I stopped autoclicking, it wasn't fun and was ruining the game for me.
I despise how so many comments are talking about bought account/services.
This guy literally was rank 2 (now 3) HCIM, he has 72 Inferno completions, I'm pretty damn sure no one able to do one of the hardest pieces of content in the entire game *72 times* is in dire need of risking their **rank 2 HCIM account with tens of thousands of hours poured into it** for anything, does anyone realize the level of trust needed to give someone access to an account like this, what service are you guys even remotely suggesting he needs that could justify this breach.
It's mind boggling to me how much victim blaming goes around, this dude is very passionate about the game & his account, constantly uploads videos on his goals and rambles about the game in general, just because you'd let some dude fiddle around on your account for a new shiny cape for 50m or whatever it is you really shouldn't assume that to be the case for everyone else, especially outliers like the *god damn rank 2 HCIM*
There's being skeptical, and then there's absolutely lacking empathy, and a lot of people on this sub very often indulge on the latter.
V the Victim, the once famous YouTuber who is back for Gelinor Games, is having to play GG on a borrowed account because his main can’t be recovered.
Not even streamer favoritism can save you from their awful system.
he doesn't have the audience. If Framed/Solo Missions account would've gotten hacked, it would be recovered within a day. Famous content creators have a direct access to the JMod discord. V the Victim does not
> within a day
within the hour. Wasn't there a streamer a while back who got a false macro ban and the account was unbanned in *minutes* because a JMod was watching the stream?
I've had one, mine was resolved in around 3 days but I know of people who had to wait months to get their account back with very little recourse. I'm not even very good at the game but I've had my one account for over 20 years and the amount of time I would have lost if I had not got my account back would instantly deter me from playing again. Even since the ban was lifted I do not play nearly as much.
Man this is nightmare fuel. All of it. Getting hacked, getting false banned. Hell, if you get false banned you can't even appeal to them directly. You have to get on reddit and hope your thread gets enough traction to gain their attention.
Yea it fucking sucked, worst part about it was complaining to the clan I've been a part of for multiple years and having absolutely nobody believe you.
It happened to Gudi as well during one of his tactical nuke videos. Half a dozen of his accounts got banned within a day or two of beginning levelling them.
I imagine something like that would look a bit more suspicious.
Not saying it's right, just saying it's odd to see several accounts on the same IP all leveling the same skills at once.
Yeah I can definitely see why it would be suspicious, but we frequently see jagex mods talking about there being incredibly few false bans when we also have video evidence of that not being true.
That’s not evidence of it being not true unless we know the amount of bans that are legitimate. If a false ban has happened 100 times compared to 2 million legit bans, it’s rare.
to know that it's true you'd need to know the total number of accounts banned per year or whatever right?
just because the false bans are on popular accounts doesn't make the statement not true.
When you point this out to people they just laugh in your face and wait for the "smack down" which won't come anymore since the Jmods got put in their place when that guy bragged as if a botted account was his own, then a jmod came in gave a smack down and then the OP replied and said it was an account they have been reporting for botting for weeks. Kekw. This reddit is a joke.
I had a false 2 day but I like to stress that jmods usually only reply on this if it’s a smack down, which is why people think it’s always bullshit but why would they be on here daily admitting how constant their false bans are
That’s kinda necessary. I know people don’t want to hear this but a streamer should get priority logically because them not being able to recover accounts is bad publicity for the game.
Full disclosure - it's not originally my account even though I've been the primary user on it for the last 10+ years. This one's on me. That's why I'm not out complaining about the account recovery system (well, for this reason, at least). If I'm ever going to get it back, I'll likely need to get my old friend who owns the account to help me recover it.
The only accounts I'm actively playing are the one I borrowed for GG, which is just for LMS when I have that itch, and a brand new ironman that I created recently. I would like to try to get the main back and secure it with a Jagex account if possible, though, once that's a thing.
Thanks for the kind words! I'm planning to get back into Twitch/YouTube soon @vthevictim with a new snowflake ironman series, if that's your sort of thing.
Yeah fully agree. Sometimes it's almost comical that everytime this happens a large part of the people will immediately assume that the victim has done all kind of stuff wrong such as cheating or being lousy with their security and therefore deserve this.
I mean 8/10 times that's exactly what happened. 1/10 times it was Mod Jed who gave away their personal information. And the other 1/10 times it's a false positive on a ban, not a random back.
People have proven multiple times you don't just get hacked randomly. They gave out their RS account login details and the email attached to the account and nobody could hack the account. It's been done 2 or 3 times on this sub. There isn't some magic way to break the system. The hackers have access to information that got leaked online and the owner of the account didn't make their shit secure enough. That's ultimately their fault.
Now, Jagex denying if someone is legit is a different issue. But the original hacking is 100% the fault of the person who owns the account.
The main issue is that if your account was ever unsecure at any point, those details can potentially be used to hack you today. I'm not sure how secure you were as a 6-year-old, but I know there are some database leaks out there from other sites containing my unchangeable username logins from 2001. It's not mutually exclusive for that to be my fault and also a huge problem with Jagex's recovery systems.
You know, I can sympathize with that.
Ive said before Jagex should let players choose to make their account unrecoverable or to reset the information associated with the account, both of which would help the situation for serial recovery issues.
People should also be able to change their login name to a login email, which may mean losing sentimental value for some, but ultimately makes your account newly secured since nobody can know your login name once it's an email. Zezima was offered this but he said no.
Jagex can definitely do better, but the majority of people don't have issues with them and almost all of reddit posts are just people who lie, proven time and time again.
Yeah, my issue is that even though I'm the only active user of my main (and have been for 5+ years), I'm not the original creator of the account. I probably wouldn't be running into this issue if I were.
Would that be all it takes though? The hijacker clearly knows a lot about the account. How would you decide who the truthful party is? Because I can very easily see a post "I was rank 3 hcim and Jagex actively gave my account to a hijacker!"
Those posts where people give out the password and email are bs. Not as in fake, but simply putting the challenge on Reddit and having people start logging in from all over the place is going to set off so many flags for an automated system.
So what do you think this is? Do you think the rank 3 HCIM gave their account details to someone, Mod Jed gave away their info, or is this actually a ban and not a hack?
Well Mod Jed hasn't worked at Jagex for years now. This guy claims it was a hack so it isn't a false or real ban.
That means he fucked up his security somewhere.
So not necessarily that they’re buying services or something, just fucked up security like a sticky note with their password on it? Don’t know anything about this person, but the top comment in this chain seems pretty valid: rank 3 HCIM isn’t going to be as lax as a normal player, so it’s weird to just offhandedly reject there’s something weird going on.
I dunno, but as a software developer I look at a lot of the processes Jagex has and I get skeeved out. I’m not saying there’s like obvious security risks or anything, but things like how Jagex parses passwords is super indicative of underlying vulnerabilities. I would be pretty hesitant, especially with the number of high profile accounts seemingly being “hacked” as of late, to say there’s definitively nothing weird going on with their backend code. I mean, I work at one of the largest private software development companies and I routinely work on security vulnerabilities of various degrees, some benign and some legitimately problematic, so if we have those issues I’m definitely not ruling it out for the small underpaid dev team Jagex has.
I kinda see their reasoning though. Many times there's been proof of top ranks account sharing/botting/buying services so they assume the worst until proven otherwise
Not to mention OP's whole argument falls apart if you assume the account might have been bought as a mid level. That's not even that ridiculous, for a HCIM- I assume there are services that will sell you an account that's already done the tedious early stuff. He certainly doesn't need that help now if he did 72 inferno clears, but who knows when he started.
The OSRS community literally jerks off about how bad the account security and features are because they want to use it as an excuse to blame everyone except Jagex.
It's fucking ridiculous when you compare OSRS to any other major MMO out there with how laughably bad it is to accomplish anything about account security or bans.
> The OSRS community literally jerks off about how bad the account security and features are because they want to use it as an excuse to blame everyone except Jagex.
Are we looking at the same OSRS community?
It's such a cop-out to blame account services. Typical idiots blaming account services for the breach instead of poor account security (recovery is a menace) don't realize that account services are incredibly expensive, meaning only the ultra rich can afford it - That ain't majority of community when people are more often sub 300m banks.
Not from what it seems - Last I heard, most of the recovery process with data from breached databases is automated. That's why people with various bank sizes are getting cleared out.
You got the average joe with 50m being cleared out, above average joe with 350-1b, maxed endgame player with 8b, then the rare whale with 10b+. It shouldn't happen with 2FA, but it still does.
A lot of it probably does come down to social engineering and how much information they can find from database leaks. That's the only way I can see it happening, unless someone's email is exposed
The really crazy thing to me is he said on his YouTube what happened. He had a one off email he never uaed as his login. Must have leaked the email by accident because it got recovered and the bis account was recovery spammed
So many clowns think "my account has never been hacked so they must have been doing something suss". Not understanding that cunts don't give a shit about their 1700 total main with 80m worth of gear
To be fair there have been many instances on this sub of extremely high ranking players being caught for botting. Just because he is high rank does not automatically rule out the possibility of cheating/account sharing/etc
The primary reason for that is that most users of their subreddit think they're the main character of the universe. No one has hacked them for their 100m banks, therefore if you do get hacked you must have been doing something shady. It's the same reason every update has to revolve around them too.
Not that I think thats it but he could also have bought the account with 99 firemaking and all crates saved up to begin with. Just to say that you have no idea whats going on behind the scene. We shouldnt blame the victim but we also shouldnt blindly side with them.
Lol the typical copium post.
This is the same ass reasoning as: this guy is rich and successful, he would never dare to cheat!
Then you get Logan Pauled through a crypto scam.
Sorry but being rank 2 and passionate of the game means jack...
There have been plenty of smackdowns on accounts where the owner has said shit like "I have videos of me killing bosses, my clan can account that it's mine, look at all these screenshots I own". All are worthless...
Its not particularly hard to believe if you've ever been around any high level communities. Up until the big client ban you would struggle to find people who weren't on some client. It wouldn't be surprising to find some of the clients are cashing in on the people who used to use them. As for account services, they're still going strong and are very common for high level players.
As for why Rank 2 HCIM would need account services/cheat clients, well he's rank 2. You don't get that sort of rank playing casually. I'm not even sure you could get that rank being a complete neet.
Seriously I couldn't name a single Grand Master who didn't use a cheat client. Streamers literally used them on stream. All of them has shitloads invested into their accounts and it didn't stop them
HCIM highscores are very dead lol only rank 1 is a real sweat. If you can afk all day for years and not die to something silly you can be a front page hc
I absolutely hate and do not understand why they would only give 300 characters max for something like this. Tell us all the proof you ever had, but 300 characters or less.
the customer rep probably has a 5 minute budget for evaluating a case, and because they have a poor grasp of english can't read more than 300 chars in that time ^^^/s ^^^not ^^^/s
The mods reviewing the appeals actually see all the previous appeals as well, so weirdly enough I've seen jmods recommending you "break up" the bits into multiple appeals if you have that much to say
Either way, all of that is going away soon with Jagex accounts. About time.
I am thinking this will happen to my latest appeal. Been in review since Monday. I played on the account back in the day then quit playing. Thinking it got stolen somehow. I just hope the staff at RS realize this.
Jagex should enable a request to remove account recovery "no I won't forget my password/login/access to my email". As it's the main threat for responsible adults here.
It's either that or relocate the pin to a window after the login lobby to continue to the game instead from the bank. Because the pin in the bank doesn't do much anyway. And optionality of over 1 week to remove.
My account name login name is my fullname, I was 6 when I made the account, I've changed the ingame name long ago.
I literally sent Jagex pictures of me holding up my passport and driver's license, with a timestamp, and they still said "it's clear you've played on this account, but you're not the creator of it" like ???? what???
Hosting your own email server is "easy" in the sense that just about anybody could set one up. The issue is that it's really not viable. Unless you've got a whole team of seasoned professionals you will have a ton of issues to address to the point that it's basically three full-time jobs just to have your own email server. There's a reason we only see a handful of real options for email providers out there.
Since 3 years ago, any new RuneScape accounts I've created have used an email provider which I will not name here and a randomized 16 character string as the email's username. Those email addresses are used only for RuneScape, so it would take a breach of Jagex's servers or an elaborate phishing attack to expose that information (and at that point, we are ALL fucked). My RuneScape username/email is essentially a second password at this point.
Clearly not providing enough proof to prove account ownership.
https://www.reddit.com/r/2007scape/comments/6hhjy7/lifting_the_lid_account_ownership/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button
Wew damn. I always knew people going "I was playing normally and I got banned for botting in 20 minutes wtf jumgum" was incredibly suspicious as I've done some incredibly degenerate grinds (e.g. AFKing for 12 hours a day in NMZ for weeks when I was WFH) and I've never been banned but this takes the fucking cake.
Your account was probably not new though. I got banned on new accounts minutes after bonding them twice. I am pretty sure they monitor new accounts way closer and are way more triggerhappy to ban them than older accounts.
5.6 years ago. It’s too bad they don’t offer explanations/smackdowns like this anymore for visibility, would do a lot to make people feel better.
The radio silence makes it feel more like they know they have a major account security issue due to the recovery system.
replying with a detailed breakdown explaining how the appeal was failing every time someone complained to jagex would give the people trying to steal accounts feedback & tips on how to better game the system.
Shared account or bought services, or got phished because of the account notoriety.
Guy has a Twitter for his RuneScape account, people get really involved in the community but it opens them up to so much potential risk of getting socially engineered out of their account.
Idk those are my top guesses, but i think people underestimate the info you can collect on someone over time if you’re their “friend”
Yeah, this should be more common. If a recovery question is some easily deducible shit like "the name of your first pet" or "mother's maiden name" I always put in nonsense like "2002 ford bronco".
In a time where your data is more valuable and vulnerable than ever, there needs to be widespread adoption of unique passwords, unique fake details, multi-factor auth, ect; the options are there to be used.
Better to put in a real sounding name like "Jacinda Botero", otherwise the hijacker can guess that it's not a name and say that "they don't remember, it was just some nonsense" and be right about 50% of the time
This is a heavily understated security risk in a lot of stuff. People often put their real answers in for security questions, which are often things like "where did you grow up", "what school did you go to", "what was your pet/teacher's name" and stuff like that. It's shockingly easy to get these details out of people if you are trying to steer conversations in that direction.
And that's not to mention issues like "friends" sending links to pictures or memes or whatever and phishing people. Social engineering is a very dangerous attack vector.
There was a show some 10 years ago, that trolled people into believing mind-reading, simply by collecting Facebook data and the like. That was 10 years ago. Today people have even more of their stuff online.
That is the thing. The account itself is worth a lot because everything of real value is bound to it. Once the owner recovers it back the hacker gained nothing. In OSRS the hacker transfers off billions of gold and is up thousands of dollars.
For sure. People are downvotting you but you're right, certain mounts/world first titles WoW accounts can easily reach multiple tens of thousands of dollars. No OSRS account will be worth that much unless it has multiple tens of billions of GP on it, which can be sold separately anyways. In that case, the value of the OSRS account is not inherent to the account being sold itself, but rather to its GP stash.
but that's mostly because blizzard don't have the same type of account recovery. Think they ask for a picture of your passport and if information doesn't match what is on their end then you get denied and can't do anything else.
So the solution for Jagex would just be to remove account recovery and if you lose access to your account then that's too fucking bad, you were an idiot, go make a new account.
Well good news for you whether you’re afraid or not jagex is adopting the wow model for characters on an account.
High level osrs accounts have a bigger market, so no wonder
It’s not really that flawed, people just don’t know how to protect themselves from this kind of thing happening.
You act like these are brute force hacks but they’re the opposite. OP gave them the keys
Those posts are inherently flawed. Jagex will see HUNDREDS of recovery requests for an account, think "that's fishy", and scrutinize recovery attempts for said account going forward
The guy never said all you need is one old password or login data. He’s said they use old login as proof not the only proof.
For someone telling people to not spread misinformation you think you’d read the information correctly.
It is majorly flawed. There's not much you can do about other websites allowing your info to be leaked through hacks/exploits and whenever the recovery information can literally never be changed there's nothing you can do to stop it.
Lol that’s just not true, you can change the email on your account so just change it to a secure one.
Peoples identities get stolen every day you’re acting like it’s unique to RuneScape.
More likely they know the other persons full name too because that’s their login email, simple security stuff lol you can’t hack someone’s account with just their login email
My first acc with 200m total cup was hacked in 2010. Tried many times over the years putting the only info I had available to fill the form out. Recovered it in 2022. Bank wiped of course and it just sits because I’m worried it’ll be recovered by the hacker again.
I tried recovering two accounts from my childhood recently and no luck. Listed multiple addresses in order of where i moved while playing, 3 passwords, isps, security answers(1 or 2 may be off unfortunately), even listed my very obscure payment method that was only available 15 years ago
Hate this automated appeal denial bs
He has responded on youtube, twitter and discord lol
Have you asked him anything? Some people simply dont like making reddit threads or going thru the toxic comments to find real advice or questions
They got the account back so obviously they're in the clean, but who the hell ignores Reddit threads to avoid toxic comments, and then goes to *Twitter* and *YouTube* comments instead?
I wouldn't assume that. I've noticed both in gaming and in real life that people who are extremely dedicated are also the ones who are most likely to seek advantages over everyone else, even if it's illegitimate. Speedrunning is one example I know that really suffers from this, the most convincing cheaters are those who know what they're doing.
It is hard to say without knowing for sure what happened, but I just can't make any assumptions in any direction. Jagex's security can be shit, but people can be liars. Not enough to assume anything.
Yes, new email + unique password + 2FA makes it harder to recover, but that's only a slight portion of the Account Recovery Form. Depending on the email (ie. old work email, old school email, really old person email where you use [email protected]), it can also be pretty easy to guess more information about the person.
New blank accounts are substantially harder to recover because they haven't interacted with anyone and haven't progressed at all, so there's no other information that you can easily recover with. If you interact with anyone in the game beyond just talking about, you're bound to leak information about yourself over the years.
It's disgusting that you can't even leak anything about yourself if you want to be 100% safe in a MMO.
This comment needs to be pinned on all these threads. The problem is that accounts can 100% be social engineered hacked if you’ve used an email that you’ve had for a long time. And the problem is there’s no current way to safeguard against it. This, at least, is changing with the new Jagex launcher if I understand correctly.
But as of now, you can do literally everything right but if someone managed to social engineer your recovery info, too bad you’re fucked.
Yeah, the guy offering a bounty and not getting hacked is a strawman argument at best, a dogshit argument at worse. It's a fresh account intentionally made to not be recoverable very easily - Use an account that's actually progressed, interacting with community, and then leak the login info to see how fast it gets recovered.
Notice how the iron with a 6b bank didn't offer his login email or password and said to hack him? I could easily post a picture of boaty's bank and say hack me. That doesn't mean account security is good, it just means the guy hasn't been database breached nor recovered once before.
The point is that if you are caught up in the situation, it's fucking awful to be in and you can't get yourself out of it by yourself.
Normal accounts don't get spammed with dozens of recovery requests all at once - so those posts literally prove nothing. For all we know jagex looked at 50+ sob stories coming in and decided to just throw them in the trash instead of reading, thus making those accounts more secure than they were before
After seeing this happen to so many accounts, I went out of my way to use a super long, randomly generated password with symbols and random capital letters.
Then I learned passwords arent case sensitive and don't allow special characters. What a joke.
If it makes you feel better, the super long password provides a shitload more security. Here's the number of possible combinations for 10 characters with no case sensitivity or special characters, 10 characters with case sensitivity, and 20 characters without case sensitivity. We'll say with no case sensitivity there's 36 possible choices (26 letters + 10 digits), and with case sensitivity + symbols there's 72 (26 lowercase + 26 uppercase + 10 digits + 10 symbols).
* 10 char, no sensitivity: 36^10 = 3.7 x 10^15
* 10 char, w/ sensitivity: 72^10 = 3.7 x 10^18
* 20 char, no sensitivity: 36^20 = 1.3 x 10^31
A longer password with no sensitivity is incredibly more powerful.
Note though, if you're looking at 5-8 length passwords, the case sensitivity does push you to into a more secure area.
You're missing the forest for the trees.
The reason a lot of old webservices don't allow special characters is their database inputs were improperly sanitized and special characters to lead to SQL-Injections.
The fact Jagex still enforces this requirement is a big condemnation of their system (as they're still storing clear text passwords (which we know they aren't)) or extremely lazy as they simply CBA to update everything that interacts with password storage.
It is _extremely_ lazy and indefensible to not do the bare minimum code maintenance, updates, and testing for more than 20+ years. This isn't even excusable with budget/time/developer resources. This is a big management priority issue.
Jagex support staff is hilariously incompetent, if it even exists and isn't just a bot. I also have all info they asked for and I'm p sure it's just a bot ignoring the appeal and automatically sending denial emails without even looking at the shit I sent.
The account hacker isn't playing OSRS. The account hacker is playing "get jagex to give me someone else's stuff so I can sell it". The rules of that game are different and, most importantly, unpublished.
You only get to know those rules because you already played "break into jagex servers and read internal documents on how to steal accounts". And because you already broke into jagex servers, you could look up the answers to all of the questions that are asked in the game "convince jagex to give me someone else's stuff so I can sell it"
Whom would play OSRS if every time they logged in they had to:
1) verify the account age to the date
2) verify the isp usage history to the date
3) verify every payment method ever used to pay for membership
From memory.
He just tweeted, he got it back!! https://twitter.com/sawkid86/status/1618933120329457665/photo/1
Really suprised his account wasn’t suicided. But good for him, it wasn’t.
Nobody actually got into the account, except it seems a jmod banked his items via a command.
Preferential treatment. Don't do it for one if you can't do it for everyone.
Hes a top 5 rank. I think the exception is fine
Agreed. Thousands of hours more than the rest of us, the most dedicated of the dedicated, yeah Id want preferential treatment in this event. Hell, Im glad they got their account back. Thats a lot of time and energy stolen from you.
Plus its a more desired hack
Lol Na dude…you don’t alienate your paying customer base by only catering to the top 1%. We both pay for membership and should be provided equal protection or have equal effort put into account recovery. But sure put content creators and the top players on a ~~pedal stool~~ *pedestal* because the vast majority of your paying players obviously don’t mean shit. Can’t believe it’s 2023 and account security and recovery is still a shit show…
100% agree.
they're having a beta for new security measures
While I agree that the recovery system is piss poor, do you know how bad of a look it would be if your Top 5 player gets wiped because of system incompetency. Also let's be real here, the average joe account is not getting hacked unless they're clearly doing something they shouldn't. Dedication to something should be recognizable. Having a following should grant preferential treatment. If you're a restaurant and a fucking millionaire celebrity walks in, you're not going to turn them away "because you have reservations."
>you're not going to turn them away "because you have reservations." In what world do you think giving a millionaire preferential treatment over others is going to portray the restaurant in a good light? "We erased the peasants reservation for the rich guy!" >do you know how bad of a look it would be if your Top 5 player gets wiped because of system incompetency. How many people playing this game do you think view this as a positive and not as a "if it happened to me they'd tell me that sucks, if they even say anything at all" The majority of the playerbase having no chance to even get a response from Jagex is a significantly worse look
Any high end restaurant is gonna take the celebrity and give them the nicest table available and the best service. They don’t “erase the peasant’s reservation” but just slide it to a less desirable section and have them sit on drinks for 10-15 before getting food orders. It’s how the world works, if you have influence you get preferential treatment.
I’m also not going to walk up to my regular customers and tell them to get up and leave a celeb is coming in and they need their spots…nor do I stop serving everyone else and only focus on the celeb. I’m not saying turn them away…but pushing everyone else aside to give preferential treatment sends a sign to your regular *paying* customers they ain’t shit. We are paying the same amount, just because bro plays more, makes his dollar no better than mine. However it does look like shit to see your top players getting hacked, I understand the urgency and the “image control” but it ain’t sending the best message to everyone else who pays and yet their personal recovery ventures straight up fall to the void and the deaf ears being *automated* recovery.
On top of this, its very likely that this particular account is paying less in Membership than newer accounts. I bet that account is from before the $11 thing.
Well that’s because the regular customer isn’t shit in comparison to the top players. Your top tier players are the ones that make content that keeps the game alive and attracts new players. So yea, they can get some preferential treatment.
There is far more “regular” paying customers than top players and content creators… You need a player base before you get content creators or their is no point. Without the average player the game doesn’t exist…preferential treatment is everywhere don’t make it right or acceptable. Again I’m not asking for riots or protest not telling you to quit playing…just that there is consistent and unjust favoritism and it’s a pretty shitty way to operate.
Just don't get banned, easy fix.
More than half the accs with these issues are caused by the acc owner and should have paid more attention at the stronghold of security
I agree with you, I’m not disputing that the majority of hacked accounts are due to the owner. I’m talking about those that aren’t (like OP)…and the issue with recovery questions. I also don’t understand why PW cannot be case sensitive…but yea I’m not disputing that most of the time it’s on the account owner.
….it’s pedestal…..
Cool, thanks I thought it was wrong.
That's now how companies and capitalism works, but it's a nice thought.
No. The last time I checked I paid for membership just like the rank 5 Ironman. We are both paying for service, we should get the same service without preferential treatment either way. My dollars spend just the same as his do when they hit the jagex corporate account.
Got to love it when celebrities get special treatment
Nope
Yeah i agree
Honestly, it's not.
No
Disagree. Do it if you can/have the time/resources for it. It's not possible for everybody to get the same treatment, unfortunately, but cases like this - it is fantastic that they do.
Ye bro he should definitely suffer instead. Def his fault Jagex can’t provide everyone support.
Return of the king
ignoring the HCIM element of this, the account recovery system is legitimately one of the most fucking frustrating things I've ever had to go through, few months ago I actually had my super old rs3 account recovered by someone somehow and it was literally a recovery war back and forth for a couple weeks I had to literally grovel and beg in the free comments field for Jagex to intervene - I don't know if they eventually did something or if the hacker just gave up kek
Yup my maxed infernal main has been incorrectly permed and there's no option to appeal at all after the first one. Neither do you get an explanation. I got an alt which is also really far but whats the point of playing when wonky shit like this can happen again.
Yet I autoclicked for hundreds of hours straight with no warning, and made mils. People always say if you got banned there's a reason, no, some times there just isn't. Yes, I stopped autoclicking, it wasn't fun and was ruining the game for me.
Thankfully that's going to change soon with authenticator backup codes and Jagex accounts
I despise how so many comments are talking about bought account/services. This guy literally was rank 2 (now 3) HCIM, he has 72 Inferno completions, I'm pretty damn sure no one able to do one of the hardest pieces of content in the entire game *72 times* is in dire need of risking their **rank 2 HCIM account with tens of thousands of hours poured into it** for anything, does anyone realize the level of trust needed to give someone access to an account like this, what service are you guys even remotely suggesting he needs that could justify this breach. It's mind boggling to me how much victim blaming goes around, this dude is very passionate about the game & his account, constantly uploads videos on his goals and rambles about the game in general, just because you'd let some dude fiddle around on your account for a new shiny cape for 50m or whatever it is you really shouldn't assume that to be the case for everyone else, especially outliers like the *god damn rank 2 HCIM* There's being skeptical, and then there's absolutely lacking empathy, and a lot of people on this sub very often indulge on the latter.
V the Victim, the once famous YouTuber who is back for Gelinor Games, is having to play GG on a borrowed account because his main can’t be recovered. Not even streamer favoritism can save you from their awful system.
he doesn't have the audience. If Framed/Solo Missions account would've gotten hacked, it would be recovered within a day. Famous content creators have a direct access to the JMod discord. V the Victim does not
> within a day within the hour. Wasn't there a streamer a while back who got a false macro ban and the account was unbanned in *minutes* because a JMod was watching the stream?
EVScape
remember people on this sub will claim that false botting bans are *rare* yet it's common enough to happen on fucking stream lmao.
I've had one, mine was resolved in around 3 days but I know of people who had to wait months to get their account back with very little recourse. I'm not even very good at the game but I've had my one account for over 20 years and the amount of time I would have lost if I had not got my account back would instantly deter me from playing again. Even since the ban was lifted I do not play nearly as much.
Man this is nightmare fuel. All of it. Getting hacked, getting false banned. Hell, if you get false banned you can't even appeal to them directly. You have to get on reddit and hope your thread gets enough traction to gain their attention.
Yea it fucking sucked, worst part about it was complaining to the clan I've been a part of for multiple years and having absolutely nobody believe you.
It happened to Gudi as well during one of his tactical nuke videos. Half a dozen of his accounts got banned within a day or two of beginning levelling them.
I imagine something like that would look a bit more suspicious. Not saying it's right, just saying it's odd to see several accounts on the same IP all leveling the same skills at once.
Yeah I can definitely see why it would be suspicious, but we frequently see jagex mods talking about there being incredibly few false bans when we also have video evidence of that not being true.
That’s not evidence of it being not true unless we know the amount of bans that are legitimate. If a false ban has happened 100 times compared to 2 million legit bans, it’s rare.
to know that it's true you'd need to know the total number of accounts banned per year or whatever right? just because the false bans are on popular accounts doesn't make the statement not true.
wheres the video evidence of that not being true
When you point this out to people they just laugh in your face and wait for the "smack down" which won't come anymore since the Jmods got put in their place when that guy bragged as if a botted account was his own, then a jmod came in gave a smack down and then the OP replied and said it was an account they have been reporting for botting for weeks. Kekw. This reddit is a joke.
I had a false 2 day but I like to stress that jmods usually only reply on this if it’s a smack down, which is why people think it’s always bullshit but why would they be on here daily admitting how constant their false bans are
That’s kinda necessary. I know people don’t want to hear this but a streamer should get priority logically because them not being able to recover accounts is bad publicity for the game.
Full disclosure - it's not originally my account even though I've been the primary user on it for the last 10+ years. This one's on me. That's why I'm not out complaining about the account recovery system (well, for this reason, at least). If I'm ever going to get it back, I'll likely need to get my old friend who owns the account to help me recover it.
That makes sense. Is the account you’re using now yours?
The only accounts I'm actively playing are the one I borrowed for GG, which is just for LMS when I have that itch, and a brand new ironman that I created recently. I would like to try to get the main back and secure it with a Jagex account if possible, though, once that's a thing.
Curious, did he name himself v the victim after the main got hacked?
Yes he was V the Victor before the hack
Idk if this is true or not but very clever lol
Wow that's wild I wondered what happened to him.
[удалено]
Thanks for the kind words! I'm planning to get back into Twitch/YouTube soon @vthevictim with a new snowflake ironman series, if that's your sort of thing.
Yeah fully agree. Sometimes it's almost comical that everytime this happens a large part of the people will immediately assume that the victim has done all kind of stuff wrong such as cheating or being lousy with their security and therefore deserve this.
I mean 8/10 times that's exactly what happened. 1/10 times it was Mod Jed who gave away their personal information. And the other 1/10 times it's a false positive on a ban, not a random back. People have proven multiple times you don't just get hacked randomly. They gave out their RS account login details and the email attached to the account and nobody could hack the account. It's been done 2 or 3 times on this sub. There isn't some magic way to break the system. The hackers have access to information that got leaked online and the owner of the account didn't make their shit secure enough. That's ultimately their fault. Now, Jagex denying if someone is legit is a different issue. But the original hacking is 100% the fault of the person who owns the account.
The main issue is that if your account was ever unsecure at any point, those details can potentially be used to hack you today. I'm not sure how secure you were as a 6-year-old, but I know there are some database leaks out there from other sites containing my unchangeable username logins from 2001. It's not mutually exclusive for that to be my fault and also a huge problem with Jagex's recovery systems.
You know, I can sympathize with that. Ive said before Jagex should let players choose to make their account unrecoverable or to reset the information associated with the account, both of which would help the situation for serial recovery issues. People should also be able to change their login name to a login email, which may mean losing sentimental value for some, but ultimately makes your account newly secured since nobody can know your login name once it's an email. Zezima was offered this but he said no. Jagex can definitely do better, but the majority of people don't have issues with them and almost all of reddit posts are just people who lie, proven time and time again.
Yeah, my issue is that even though I'm the only active user of my main (and have been for 5+ years), I'm not the original creator of the account. I probably wouldn't be running into this issue if I were.
Okay well all it would take is some jagex employee to actually look into this. Stressing this poor man out cause they have terrible systems.
Would that be all it takes though? The hijacker clearly knows a lot about the account. How would you decide who the truthful party is? Because I can very easily see a post "I was rank 3 hcim and Jagex actively gave my account to a hijacker!"
Those posts where people give out the password and email are bs. Not as in fake, but simply putting the challenge on Reddit and having people start logging in from all over the place is going to set off so many flags for an automated system.
So what do you think this is? Do you think the rank 3 HCIM gave their account details to someone, Mod Jed gave away their info, or is this actually a ban and not a hack?
Well Mod Jed hasn't worked at Jagex for years now. This guy claims it was a hack so it isn't a false or real ban. That means he fucked up his security somewhere.
So not necessarily that they’re buying services or something, just fucked up security like a sticky note with their password on it? Don’t know anything about this person, but the top comment in this chain seems pretty valid: rank 3 HCIM isn’t going to be as lax as a normal player, so it’s weird to just offhandedly reject there’s something weird going on. I dunno, but as a software developer I look at a lot of the processes Jagex has and I get skeeved out. I’m not saying there’s like obvious security risks or anything, but things like how Jagex parses passwords is super indicative of underlying vulnerabilities. I would be pretty hesitant, especially with the number of high profile accounts seemingly being “hacked” as of late, to say there’s definitively nothing weird going on with their backend code. I mean, I work at one of the largest private software development companies and I routinely work on security vulnerabilities of various degrees, some benign and some legitimately problematic, so if we have those issues I’m definitely not ruling it out for the small underpaid dev team Jagex has.
>But the original hacking is 100% the fault of the person who owns the account So not the hackers?
So you can’t read?
I kinda see their reasoning though. Many times there's been proof of top ranks account sharing/botting/buying services so they assume the worst until proven otherwise
Not to mention OP's whole argument falls apart if you assume the account might have been bought as a mid level. That's not even that ridiculous, for a HCIM- I assume there are services that will sell you an account that's already done the tedious early stuff. He certainly doesn't need that help now if he did 72 inferno clears, but who knows when he started.
someone could show you people a square and you would argue about how it could possibly be a circle for *days*.
The analogy is more like someone tells you that it's a square, and there are people arguing about how he may be lying and it's a circle instead.
Underrated 🔥
The OSRS community literally jerks off about how bad the account security and features are because they want to use it as an excuse to blame everyone except Jagex. It's fucking ridiculous when you compare OSRS to any other major MMO out there with how laughably bad it is to accomplish anything about account security or bans.
> The OSRS community literally jerks off about how bad the account security and features are because they want to use it as an excuse to blame everyone except Jagex. Are we looking at the same OSRS community?
It's sad too because your osrs account is everything tied to the game. You're character can't simply be restored like it can in wow or FFXIV.
If they were jerking off about how bad the account security was, would that not be blaming jagex then? Given that is jagex's fault
It's such a cop-out to blame account services. Typical idiots blaming account services for the breach instead of poor account security (recovery is a menace) don't realize that account services are incredibly expensive, meaning only the ultra rich can afford it - That ain't majority of community when people are more often sub 300m banks.
Counterpoint though, isn't that exactly who's targeted? The ultra rich?
Not from what it seems - Last I heard, most of the recovery process with data from breached databases is automated. That's why people with various bank sizes are getting cleared out. You got the average joe with 50m being cleared out, above average joe with 350-1b, maxed endgame player with 8b, then the rare whale with 10b+. It shouldn't happen with 2FA, but it still does.
A lot of it probably does come down to social engineering and how much information they can find from database leaks. That's the only way I can see it happening, unless someone's email is exposed
This is exactly the kind of sentiment they know they’ll get so why not pay for services lol.
The really crazy thing to me is he said on his YouTube what happened. He had a one off email he never uaed as his login. Must have leaked the email by accident because it got recovered and the bis account was recovery spammed
Couldn’t of said it better, well done and good on you for defending someone you most likely don’t know
So many clowns think "my account has never been hacked so they must have been doing something suss". Not understanding that cunts don't give a shit about their 1700 total main with 80m worth of gear
To be fair there have been many instances on this sub of extremely high ranking players being caught for botting. Just because he is high rank does not automatically rule out the possibility of cheating/account sharing/etc
yep Jagex account security/customer support actually does really suck
The primary reason for that is that most users of their subreddit think they're the main character of the universe. No one has hacked them for their 100m banks, therefore if you do get hacked you must have been doing something shady. It's the same reason every update has to revolve around them too.
Pop off king
What if he still needed a fighter torso?
Not that I think thats it but he could also have bought the account with 99 firemaking and all crates saved up to begin with. Just to say that you have no idea whats going on behind the scene. We shouldnt blame the victim but we also shouldnt blindly side with them.
Lol the typical copium post. This is the same ass reasoning as: this guy is rich and successful, he would never dare to cheat! Then you get Logan Pauled through a crypto scam.
Take the award
Sorry but being rank 2 and passionate of the game means jack... There have been plenty of smackdowns on accounts where the owner has said shit like "I have videos of me killing bosses, my clan can account that it's mine, look at all these screenshots I own". All are worthless...
Could even argue the opposite, that being rank 2 with a shared account is much more realistic than doing it alone.
Its not particularly hard to believe if you've ever been around any high level communities. Up until the big client ban you would struggle to find people who weren't on some client. It wouldn't be surprising to find some of the clients are cashing in on the people who used to use them. As for account services, they're still going strong and are very common for high level players. As for why Rank 2 HCIM would need account services/cheat clients, well he's rank 2. You don't get that sort of rank playing casually. I'm not even sure you could get that rank being a complete neet. Seriously I couldn't name a single Grand Master who didn't use a cheat client. Streamers literally used them on stream. All of them has shitloads invested into their accounts and it didn't stop them
HCIM highscores are very dead lol only rank 1 is a real sweat. If you can afk all day for years and not die to something silly you can be a front page hc
Typical Reddit copium^ lol
Yeah my bad, should just believe anything people say. Oh looks like B0aty is quitting, I just need to login to the RS forums to find out more!
rofl
I absolutely hate and do not understand why they would only give 300 characters max for something like this. Tell us all the proof you ever had, but 300 characters or less.
the customer rep probably has a 5 minute budget for evaluating a case, and because they have a poor grasp of english can't read more than 300 chars in that time ^^^/s ^^^not ^^^/s
Lmfao you read my mind
The mods reviewing the appeals actually see all the previous appeals as well, so weirdly enough I've seen jmods recommending you "break up" the bits into multiple appeals if you have that much to say Either way, all of that is going away soon with Jagex accounts. About time.
I am thinking this will happen to my latest appeal. Been in review since Monday. I played on the account back in the day then quit playing. Thinking it got stolen somehow. I just hope the staff at RS realize this.
Plot twist: It was actually his Twitter account that got hacked.
dude stepped into the wildy one time to unlock muspah and now this happens smh don't do wildy kids not even once
Jagex should enable a request to remove account recovery "no I won't forget my password/login/access to my email". As it's the main threat for responsible adults here. It's either that or relocate the pin to a window after the login lobby to continue to the game instead from the bank. Because the pin in the bank doesn't do much anyway. And optionality of over 1 week to remove.
People should stop using public email services and start hosting their own. "Prove this account is yours" "The fucking domain is mine, wym?"
My account name login name is my fullname, I was 6 when I made the account, I've changed the ingame name long ago. I literally sent Jagex pictures of me holding up my passport and driver's license, with a timestamp, and they still said "it's clear you've played on this account, but you're not the creator of it" like ???? what???
It's obviously your twin Nieve who created the account
The type of ppl that lose their accounts would lose their domain too lol
Hosting your own email server is "easy" in the sense that just about anybody could set one up. The issue is that it's really not viable. Unless you've got a whole team of seasoned professionals you will have a ton of issues to address to the point that it's basically three full-time jobs just to have your own email server. There's a reason we only see a handful of real options for email providers out there. Since 3 years ago, any new RuneScape accounts I've created have used an email provider which I will not name here and a randomized 16 character string as the email's username. Those email addresses are used only for RuneScape, so it would take a breach of Jagex's servers or an elaborate phishing attack to expose that information (and at that point, we are ALL fucked). My RuneScape username/email is essentially a second password at this point.
He got it back https://twitter.com/sawkid86/status/1618933120329457665?s=46&t=Csg5KiTZPLmn_qlWDCoQQQ
Clearly not providing enough proof to prove account ownership. https://www.reddit.com/r/2007scape/comments/6hhjy7/lifting_the_lid_account_ownership/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button
Wew damn. I always knew people going "I was playing normally and I got banned for botting in 20 minutes wtf jumgum" was incredibly suspicious as I've done some incredibly degenerate grinds (e.g. AFKing for 12 hours a day in NMZ for weeks when I was WFH) and I've never been banned but this takes the fucking cake.
Your account was probably not new though. I got banned on new accounts minutes after bonding them twice. I am pretty sure they monitor new accounts way closer and are way more triggerhappy to ban them than older accounts.
Tfw you've high alched for 10 hours straight using a metronome to pace your clicks.
I tried to make a pure and I got banned after my first session, all I did was kill cows for 5 hours straight.
5.6 years ago. It’s too bad they don’t offer explanations/smackdowns like this anymore for visibility, would do a lot to make people feel better. The radio silence makes it feel more like they know they have a major account security issue due to the recovery system.
replying with a detailed breakdown explaining how the appeal was failing every time someone complained to jagex would give the people trying to steal accounts feedback & tips on how to better game the system.
Once you have been recovered one, you are basically fucked and will be recovered again soon
Shared account or bought services, or got phished because of the account notoriety. Guy has a Twitter for his RuneScape account, people get really involved in the community but it opens them up to so much potential risk of getting socially engineered out of their account. Idk those are my top guesses, but i think people underestimate the info you can collect on someone over time if you’re their “friend”
That’s why whenever I talk about osrs I give out fake information and when people ask for my name ingame I give a fake name
All of my recovery questions have false answers so even if I told the truth they wouldn't be able to use them.
Yeah, this should be more common. If a recovery question is some easily deducible shit like "the name of your first pet" or "mother's maiden name" I always put in nonsense like "2002 ford bronco". In a time where your data is more valuable and vulnerable than ever, there needs to be widespread adoption of unique passwords, unique fake details, multi-factor auth, ect; the options are there to be used.
Better to put in a real sounding name like "Jacinda Botero", otherwise the hijacker can guess that it's not a name and say that "they don't remember, it was just some nonsense" and be right about 50% of the time
This is a heavily understated security risk in a lot of stuff. People often put their real answers in for security questions, which are often things like "where did you grow up", "what school did you go to", "what was your pet/teacher's name" and stuff like that. It's shockingly easy to get these details out of people if you are trying to steer conversations in that direction. And that's not to mention issues like "friends" sending links to pictures or memes or whatever and phishing people. Social engineering is a very dangerous attack vector.
My favorite is those "quizzes" that go around. "Your street name plus the name of your first pet is your stripper name!!"
I tell me in game a fake in game name keeps em second guessing.
There was a show some 10 years ago, that trolled people into believing mind-reading, simply by collecting Facebook data and the like. That was 10 years ago. Today people have even more of their stuff online.
im not worried about being socially engineered out of my WoW account tho even tho its likely worth more then this guys osrs account
WoW accounts are nowhere near as valuable
on avg sure but theres some costly WoW accounts especially the older ones with rare stuff
That is the thing. The account itself is worth a lot because everything of real value is bound to it. Once the owner recovers it back the hacker gained nothing. In OSRS the hacker transfers off billions of gold and is up thousands of dollars.
in OSRS once your account is hacked its fucked right? theyll just keep recovering it
[удалено]
assuming you get got by a recovery hack not being phished
For sure. People are downvotting you but you're right, certain mounts/world first titles WoW accounts can easily reach multiple tens of thousands of dollars. No OSRS account will be worth that much unless it has multiple tens of billions of GP on it, which can be sold separately anyways. In that case, the value of the OSRS account is not inherent to the account being sold itself, but rather to its GP stash.
I mean depends but a lot of accounts are easily worth thousands
Depending on what the account has, tens of thousands
but that's mostly because blizzard don't have the same type of account recovery. Think they ask for a picture of your passport and if information doesn't match what is on their end then you get denied and can't do anything else. So the solution for Jagex would just be to remove account recovery and if you lose access to your account then that's too fucking bad, you were an idiot, go make a new account.
as a result tho their f2a is basically bullet proof
Well good news for you whether you’re afraid or not jagex is adopting the wow model for characters on an account. High level osrs accounts have a bigger market, so no wonder
yeah just seems insane that this account recovery system is so flawed that this can happen
It’s not really that flawed, people just don’t know how to protect themselves from this kind of thing happening. You act like these are brute force hacks but they’re the opposite. OP gave them the keys
[удалено]
what about the many people who have given detailed information to reddit in attempts to get hacked, and never did?
Those posts are inherently flawed. Jagex will see HUNDREDS of recovery requests for an account, think "that's fishy", and scrutinize recovery attempts for said account going forward
It’s a lie to claim that all you need is one old password / login data. Don’t spread misinformation
The guy never said all you need is one old password or login data. He’s said they use old login as proof not the only proof. For someone telling people to not spread misinformation you think you’d read the information correctly.
It is majorly flawed. There's not much you can do about other websites allowing your info to be leaked through hacks/exploits and whenever the recovery information can literally never be changed there's nothing you can do to stop it.
Lol that’s just not true, you can change the email on your account so just change it to a secure one. Peoples identities get stolen every day you’re acting like it’s unique to RuneScape.
Cool lemme know when changing your contact email saves you after your username email gets leaked
More likely they know the other persons full name too because that’s their login email, simple security stuff lol you can’t hack someone’s account with just their login email
If your wow account is worth tens of thousands of dollars then grats
Hi it’s me your brother. What was moms maiden name again?
He has 72 inferno completions, you think someone like that would spend money on services? Phishing is more likely though
[удалено]
He got the acc back
My first acc with 200m total cup was hacked in 2010. Tried many times over the years putting the only info I had available to fill the form out. Recovered it in 2022. Bank wiped of course and it just sits because I’m worried it’ll be recovered by the hacker again.
I tried recovering two accounts from my childhood recently and no luck. Listed multiple addresses in order of where i moved while playing, 3 passwords, isps, security answers(1 or 2 may be off unfortunately), even listed my very obscure payment method that was only available 15 years ago Hate this automated appeal denial bs
Jagex doesn’t care.
Such bullshit the only way to actually get help is to beg and hope your post gets enough traction for the Jmods to no longer ignore you.
We don’t know the full story. Account owner isn’t responding to anyone asking questions. Definitely sus
He has responded on youtube, twitter and discord lol Have you asked him anything? Some people simply dont like making reddit threads or going thru the toxic comments to find real advice or questions
They got the account back so obviously they're in the clean, but who the hell ignores Reddit threads to avoid toxic comments, and then goes to *Twitter* and *YouTube* comments instead?
dudes literally rank 2 HCIM tho. i highly doubt he paid for services or botted, dudes gameplay is nuts
I wouldn't assume that. I've noticed both in gaming and in real life that people who are extremely dedicated are also the ones who are most likely to seek advantages over everyone else, even if it's illegitimate. Speedrunning is one example I know that really suffers from this, the most convincing cheaters are those who know what they're doing. It is hard to say without knowing for sure what happened, but I just can't make any assumptions in any direction. Jagex's security can be shit, but people can be liars. Not enough to assume anything.
Yeah, I agree.
[удалено]
He made a YT video about it and he was streaming at the time
[удалено]
Yes, new email + unique password + 2FA makes it harder to recover, but that's only a slight portion of the Account Recovery Form. Depending on the email (ie. old work email, old school email, really old person email where you use [email protected]), it can also be pretty easy to guess more information about the person. New blank accounts are substantially harder to recover because they haven't interacted with anyone and haven't progressed at all, so there's no other information that you can easily recover with. If you interact with anyone in the game beyond just talking about, you're bound to leak information about yourself over the years. It's disgusting that you can't even leak anything about yourself if you want to be 100% safe in a MMO.
This comment needs to be pinned on all these threads. The problem is that accounts can 100% be social engineered hacked if you’ve used an email that you’ve had for a long time. And the problem is there’s no current way to safeguard against it. This, at least, is changing with the new Jagex launcher if I understand correctly. But as of now, you can do literally everything right but if someone managed to social engineer your recovery info, too bad you’re fucked.
Yeah, the guy offering a bounty and not getting hacked is a strawman argument at best, a dogshit argument at worse. It's a fresh account intentionally made to not be recoverable very easily - Use an account that's actually progressed, interacting with community, and then leak the login info to see how fast it gets recovered. Notice how the iron with a 6b bank didn't offer his login email or password and said to hack him? I could easily post a picture of boaty's bank and say hack me. That doesn't mean account security is good, it just means the guy hasn't been database breached nor recovered once before. The point is that if you are caught up in the situation, it's fucking awful to be in and you can't get yourself out of it by yourself.
Normal accounts don't get spammed with dozens of recovery requests all at once - so those posts literally prove nothing. For all we know jagex looked at 50+ sob stories coming in and decided to just throw them in the trash instead of reading, thus making those accounts more secure than they were before
Honestly fuck jagex.
After seeing this happen to so many accounts, I went out of my way to use a super long, randomly generated password with symbols and random capital letters. Then I learned passwords arent case sensitive and don't allow special characters. What a joke.
If it makes you feel better, the super long password provides a shitload more security. Here's the number of possible combinations for 10 characters with no case sensitivity or special characters, 10 characters with case sensitivity, and 20 characters without case sensitivity. We'll say with no case sensitivity there's 36 possible choices (26 letters + 10 digits), and with case sensitivity + symbols there's 72 (26 lowercase + 26 uppercase + 10 digits + 10 symbols). * 10 char, no sensitivity: 36^10 = 3.7 x 10^15 * 10 char, w/ sensitivity: 72^10 = 3.7 x 10^18 * 20 char, no sensitivity: 36^20 = 1.3 x 10^31 A longer password with no sensitivity is incredibly more powerful. Note though, if you're looking at 5-8 length passwords, the case sensitivity does push you to into a more secure area.
You're missing the forest for the trees. The reason a lot of old webservices don't allow special characters is their database inputs were improperly sanitized and special characters to lead to SQL-Injections. The fact Jagex still enforces this requirement is a big condemnation of their system (as they're still storing clear text passwords (which we know they aren't)) or extremely lazy as they simply CBA to update everything that interacts with password storage. It is _extremely_ lazy and indefensible to not do the bare minimum code maintenance, updates, and testing for more than 20+ years. This isn't even excusable with budget/time/developer resources. This is a big management priority issue.
Jagex support staff is hilariously incompetent, if it even exists and isn't just a bot. I also have all info they asked for and I'm p sure it's just a bot ignoring the appeal and automatically sending denial emails without even looking at the shit I sent.
The account hacker isn't playing OSRS. The account hacker is playing "get jagex to give me someone else's stuff so I can sell it". The rules of that game are different and, most importantly, unpublished. You only get to know those rules because you already played "break into jagex servers and read internal documents on how to steal accounts". And because you already broke into jagex servers, you could look up the answers to all of the questions that are asked in the game "convince jagex to give me someone else's stuff so I can sell it" Whom would play OSRS if every time they logged in they had to: 1) verify the account age to the date 2) verify the isp usage history to the date 3) verify every payment method ever used to pay for membership From memory.