[xcrunner]

Consolidating the discussion into the following thread to prevent the spread of misinformation.
Potentially Hacked by RuneMate | Community | RuneMate

-- Original Post --

Pretty odd how a day after using Runemate again, both my accounts got hacked.

 

[american express]

Well......It wasn't Runemate.

How do you know your computer was clean? Does someone else have old information on the account? Did they recover it back from you?

 

[rsgpplz]

Nah, it definitely wasnt this app that got you hacked. Been using it a little over a year and ive never gotten hacked.

 

[xcrunner]

Nobody recovered the account, i would've gotten any email about that. My EMail is through gmail, and I have 2 step verification so if they wanted to get into it, they'd have to have my cell phone as well. I use AVG and Malwarebytes to keep my computer clean, and I haven't downloaded anything "suspicious" for a long time.

 

[vahtos]

Same thing happened to me not long ago. Hadn't played in a long time, started botting and then lost 15-20m. I was pretty annoyed at first, but then I realized that regardless of how my account may have been compromised, it was my own fault for not using the authenticator for my account. I don't think that anyone who would possibly have access to passwords stored by RM would hack accounts from the userbase. But even if someone did, it's on us for not using the security features provided.

Besides, RM earned me all my gold anyway!

 

[xcrunner]

There's gotta be something jagex can do. I've gotten a keylogger on my computer before (this was like 6 or 7 years ago) and they rolled back my account so I had all my stuff back

 

[arbiter]

Sigh... I've said this a million times before and I'll say it again. Anyone with two brain cells and a traffic sniffer like Wireshark can personally verify that your account info is encrypted client-side before being sent to the server. When you pull the account info from the server you receive the same encrypted data, which is then decrypted client-side for use. Now anyone with a little bit of reverse engineering experience and three brain cells can also verify that the encryption is overkill strong and uses information that would only be available to the user and is only ever stored in memory. Your account was likely stolen in one of the numerous ways accounts are stolen everyday including, but not limited to, a keylogger, phisher, or (the surprisingly most common option) a friend. When in doubt, Occam's razor.

tl;dr we couldn't access your account even if we wanted to and we don't want to.

 

[vahtos]

Support - Lost items - RuneScape Wiki

 

[derk]

Sigh... I've said this a million times before and I'll say it again. Anyone with two brain cells and a traffic sniffer like Wireshark can personally verify that your account info is encrypted client-side before being sent to the server. When you pull the account info from the server you receive the same encrypted data, which is then decrypted client-side for use. Now anyone with a little bit of reverse engineering experience and three brain cells can also verify that the encryption is overkill strong and uses information that would only be available to the user and is only ever stored in memory. Your account was likely stolen in one of the numerous ways accounts are stolen everyday including, but not limited to, a keylogger, phisher, or (the surprisingly most common option) a friend. When in doubt, Occam's razor.

tl;dr we couldn't access your account even if we wanted to and we don't want to.

Even IF you wanted to, how is a single RuneScape account worth more than the entire web of trust RuneMate has created over the past years?

It's ridiculous that you might even think such a thing.

 

[insomniac]

Pretty odd indeed


420goldgenerator.exe that is

 

[afg1]

You probably got phished from those stupid private messages saying to visit this site and sign up for free gold or become a jagex mod lol.

 

[slashnhax]

Nobody recovered the account, i would've gotten any email about that. My EMail is through gmail, and I have 2 step verification so if they wanted to get into it, they'd have to have my cell phone as well. I use AVG and Malwarebytes to keep my computer clean, and I haven't downloaded anything "suspicious" for a long time.

Smells like a dog mate to me. If they know you're using a botting program, or have used one before, they'd see that as an easy scapegoat.

 

[vahtos]

You probably got phished from those stupid private messages saying to visit this site and sign up for free gold or become a jagex mod lol.

People fall for this???

 

[party]

This post is hilarious.

 

[ichaseexp]

Untill i get hacked, rm didn't hack you

 

[xcrunner]

You probably got phished from those stupid private messages saying to visit this site and sign up for free gold or become a jagex mod lol.

Nope definitely wasn't a phisher, I don't fall for that stupid shit lol. I usually report the website to their hoster just for shits n giggles.

I do think I found out what it was, and I'd like to apologize to Runemate. Seems like the ISP that the base i'm deployed to uses for their base-wifi is extremely fishy. Other people I've talked to have been getting emails ever since they arrived here saying that someone is trying to log into various accounts (Usually game accounts & Steam).

 

[american express]

Nope definitely wasn't a phisher, I don't fall for that stupid shit lol. I usually report the website to their hoster just for shits n giggles.

I do think I found out what it was, and I'd like to apologize to Runemate. Seems like the ISP that the base i'm deployed to uses for their base-wifi is extremely fishy. Other people I've talked to have been getting emails ever since they arrived here saying that someone is trying to log into various accounts (Usually game accounts & Steam).

Open Wifi + Packet sniffer = GG

 

[ichaseexp]

Good ole mercia for you

 

[sicarius99]

Rip

 

[arbiter]

As always... it wasn't RuneMate. Glad you figured it out though and hopefully you can make it all back with RuneMate soon.