Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Scam

Status
Not open for further replies.

dsh

Joined
Mar 22, 2017
Messages
3
Dont use this client. Havent played on an account for 2 years. Used runemate for 3 hours, logged in a few days later, bank traded off.
 
Blazin all them herbs
Joined
Jul 10, 2017
Messages
179
Savior said:
I mean you can believe what you want...
if it makes you feel better to believe that runemate got hacked, instead of accepting that you were uncautious and got hacked on your own, then so be it

feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.

Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.

Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.

Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.

Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.

Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.

Please do not feel offended, i really just want to make things clear.

TLDR: even if (and thats a big fucking if) the recent downtime involved a huge database leak, there are encryptions in place that prevent anyone from reading your account information.
 
Runemate Credits Guru
Joined
Jun 29, 2021
Messages
64
I'm not gonna lie, last night I had the most random hack, I've ever had in all the years I have been with osrs communites.. FIRST TIME EVER...

I was on a main account and saw my mule account login...My mistake it was a new mule account and I had yet to add a bank pin... Had over 150M swiped ...

Thing is in all my years of osrs I have never had a random hack like that... So random! - As I do not download or nor do I install files on this PC, the ONLY programme that windows signs as suspicious is Runemate.

Now I'm in no way saying it was because I use Runemate is the reason why I got hacked... Just seems strange that there's been a few posts about people being hacked then few days later I get the most random hack I've ever seen in my life...

Maybe something needs to be looked into here... I'm in no way a scripter or know the art at all but to be randomly hacked like that for the first time since being with osrs in late 1990's.

I wasn't even angry when it happened - was just so shocked and suprised as this has NEVER happened to me until last night.

Also the way the account was hacked, who ever done it had access to account email and password as they were never changed... I'm a very secure person and in NO WAY i would share any account info with anyone, let a lone a mule account.

It also happened not long after doing a Runemate credit sale for 65M using that mule account.

All seems a little strange....

[EDIT]
Looking at the time when this was posted, It was around the same time I got hacked.. 2-3am last night.

Also the fact there has been a few of these posts popping up these past few days and not one response from a member of staff, what is going on?

Is a little bit suspicious more i think about it.
 

dsh

Joined
Mar 22, 2017
Messages
3
Savior said:
I mean you can believe what you want...
if it makes you feel better to believe that runemate got hacked, instead of accepting that you were uncautious and got hacked on your own, then so be it

feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.

Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.

Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.

Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.

Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.

Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.

Please do not feel offended, i really just want to make things clear.

TLDR: even if (and thats a big fucking if) the recent downtime involved a huge database leak, there are encryptions in place that prevent anyone from reading your account information.
So its just a coincidence that an account nobody has logged onto for YEARS gets hacked AS SOON AS I START USING RUNEMATE? And that every other acc I have that hasnt used RM is perfectly fine?
 
cuppa.drink(java);
Joined
Mar 13, 2018
Messages
7,103
So its just a coincidence that an account nobody has logged onto for YEARS gets hacked AS SOON AS I START USING RUNEMATE? And that every other acc I have that hasnt used RM is perfectly fine?
I mean I understand why that looks like that from your point of view, but it just flat out wouldn't make economical sense for RM to be taking random stuff off random accounts. It literally isn't worth the reputation hit.

To me this sounds like either:
- a big coincidence, that the password has been breached in some leak on a different site and someone just hacked it now (less likely imo)
- maybe something else you did the same day you were getting back into Runescape cheating got your password. There's tons of sites out there trying to get your info. There's a phishing fake Runelite site that pays for ads to be at the top of Google searches and has a similar domain. There's generally fake clients/plugins, there's account services that hack accounts, twitch scams, Runescape ads on Facebook leading to phishing links. There's fan sites/private servers that steal your stuff.

And I know that a possible reaction to that is "if all those people exist trying to hack accounts, why wouldn't Runemate?" And the answer in my mind, is that unlike all those sites, runemate is an actual business that's been around for like a decade (and the admins for longer).

Like I said I am sorry you got hacked, and I understand why you think it would be Runemate, but I'm just dropping my two cents why I think that's impossible.

How much did you lose anyway? Just wondering I guess.
 
Runemate Credits Guru
Joined
Jun 29, 2021
Messages
64
What about what happened to me, around the same time this happened to this new user... I have nothing to gain I'm an avid Runemate user have paid supporter / sponsor since joining plus spend god knows on credits...

The fact this happened to me has around the same time this post was created, could be a coincidence but when 1+1=2 you know its more mathmatical than pure coincidence...

I'm not saying it's anything to do with Runemate and the good lord knows I hope it isn't but the fact this is the first time it's happened to me in all my years at runescape black market communites, around the same time it's happening to other random RM users... I don't know seems more than just coincidence...

That said, I've been in the game since late 1990's, I can put my hand on heart and say this is the FIRST time i've ever had a random hit like this...Shortly after doing a sale of RM credits as well, only the account used for this trade was hit I have many other accounts but this was the one that was hit all others fine ...

Also I know how to protect myself from hackers/scammers as you learn it quickly being in this game and it becomes second nature - what to do and what NOT to do...

So to be randomly hit like this on a PC that only uses the RM client and has only ever installed the RM client... Apart from that Discord and Runelite, rest is official microsoft programmes.

Do the maths here and something isn't adding up - right??

[EDIT]
To be fair I wasn't going to post anything about it on RM, was going to look into it, do the usual security checks and changes to account info's etc and leave it as a very weird, random hit that has NEVER happened in all my YEARS and move on.
After looking into it for some hours and I cannot see ANY way my security would of been breached if not by a breach at RM to be honest... Then to see there was a user making a post about being randomly hit around the same time I was hit... I don't know seemed it was worth posting so someone can look into what ever needs to be looked into ... As if it continues to happen and RM continue getting the blame, it will end what we all love and use.. Let's be fair here and say something is looking dodgy at the least?
 
Last edited:
cuppa.drink(java);
Joined
Mar 13, 2018
Messages
7,103
What about what happened to me, around the same time this happened to this new user... I have nothing to gain I'm an avid Runemate user have paid supporter / sponsor since joining plus spend god knows on credits...
Sorry, I had just woke up and was replying from my phone, didn't see your post till now.

I was on a main account and saw my mule account login...My mistake it was a new mule account and I had yet to add a bank pin... Had over 150M swiped ...

Thing is in all my years of osrs I have never had a random hack like that... So random! - As I do not download or nor do I install files on this PC, the ONLY programme that windows signs as suspicious is Runemate.
I mean 150mil is enough that I understand why you're upset, and I'm sorry that happened, but when it comes down to it it's $45-60 (I don't know the current value), which as a business isn't worth the hit to it's reputation. Especially why would Runemate take 150m from one of it's sponsors/avid users? Again I know $45-60 is frustrating to lose as an individual, not trying to minimize it, but yeah, from a business point of view that's not worth it.

Also, question: you say the account was a new mule account; had you ever even added it to the Runemate client? Like typed it into Runemate? Or you think Runemate took it while running in the background, disconnected..?

The fact this happened to me has around the same time this post was created, could be a coincidence but when 1+1=2 you know its more mathmatical than pure coincidence...
I mean that's definitely a bit of a coincidence, but in the grand scheme of things, 2 accounts of users involved in Runescape cheating being hacked in a day out of the thousands of people who use RM in a day is not that big of a coincidence.

Also the fact there has been a few of these posts popping up these past few days and not one response from a member of staff, what is going on?
I mean honestly that's not really odd at all imo, the forums are pretty quiet in general and I don't think most of the staff comes on here a ton. And honestly I'm not sure what they can say that hasn't been said before. A few of them are on discord a lot more though.


Again, I'm really not trying to minimize this or anything, I guess I'm just giving my point of view. Obviously I don't know anything for sure, and I don't really have any way to prove anything. I'm personally just extremely convinced that Runemate is safe.
 
Runemate Credits Guru
Joined
Jun 29, 2021
Messages
64
All in all I'm where you are at Cuppa, I'm asking the same questions you are and believe what you believe...

I believe it wouldn't be Runemate as of course it makes no business sense, that is clear for anybody to see... i'm not denying that at all... but security breaches happen all the time, especially when that buisness owns a nice portion of peoples data...

This could happen by RM staff or someone on the outside of RM or even completely unrelated to RM, could still manage to get their hands on data, happens all the time to companies that net more than RM by the billions... So it does happen.

As already stated I hope to the good lord it hasn't as you know I'm an avid user, being the only client I use this would hit my "rs empire" hard so I hope this isn't the case here.

I've already stated I've spent a decent amount of time looking for other security breaches and have yet to found any, being in the game as long as many of us have, you know what to do and what not to do. Nor do I feel I need any advice on this as after 15+ years in the game and only being hit this once in 2022, I feel I can manage any security breaches there may be my end and there isn't.

For example when installing a programme and windows pops up telling you this .exe looks risky and advises you not to install it, this is the ONLY red flag I've allowed on any PC/laptop I own and that is to install and use the RM client.

Also the 150M doesn't bother me, not bitter nor angry, it will be a learning lesson and made back no problem, I just saw the coincidence and it wouldn't sit right with me if I didn't atleast voice my opinion.

Hacking people on a regular basis and getting away with it, no matter the amount taken will soon add up to nice little extra "on the side" for somebody. This isn't the first coincidence we've seen in past week or so... You can't keep seeing the same pattern and just call it a coincidence, that would be short minded - I believe.

All we can do is see what happens, if anyone else gets a random hit and take it from there but I do advise the RM staff to look into their secruity and look for any possible security breach - It certainly wouldn't harm to do so.

[EDIT]
Also we don't know how many users have been hit from RM, we've seen a few of these post pop over past week but I'm sure there are many who will assume what I did before seeing this post around the same time I was hit and that is;
"It must be my fault not RM, what did I do to put my account secruity at risk?"
People will assume this before thinking it's the client helping them achieve their RS goals.
 
Last edited:
Client Developer
Joined
Oct 12, 2015
Messages
3,760
Whenever these threads pop up I always have a bit of an internal debate with myself about whether or not I should comment. On one hand, I understand that you are upset, and it's probably worth explaining why we as a business have no interest in damaging our customers. On the other, it's incredibly difficult to convince someone that has made up their mind that they are wrong.

That said, I suppose I can make this comment and then hopefully people will be able to link back to it in future whenever these posts crop up.

1. These posts happen all the time, on every platform, and have since the beginning of time.
It's only reasonable, right? The client you use to cheat the game must be the thing that cheated you? Well to some degree you're right - this has happened in the past, but luckily for you, that practice has stayed in the past. Those clients died out long ago, and no mainstream client today has even the slightest interest in doing that to you, for their own sake as well as yours.

2. Capability / Opportunity
Who is even capable of stealing your login details? Well there's a few things to note about that:
  1. Your login details are stored in plain text in the game client. It's a flaw of Jagex's that has existed since the game first launched. Anybody who can read that information can (in theory) see your username and password.
  2. With that knowledge, you should know that every mainstream client blocks the ability of scripters/developers on their platform to access those fields in production.
  3. Separately, clients can ask you to enter your login information before we event get to that point, for use in login handlers etc.

So then you have to ask yourself what happens with this data, and there's 4 options:
  1. Store your data locally on your computer only, it's never sent to the server.
  2. Send your data to the server and store it in plain text.
  3. Send your data to the server, and encrypt/decrypt it on the server.
  4. Send your data to the server, but handle encryption and decryption on the local machine.

Options 2 and 3 are obviously no-fly's, since they both have obvious safety concerns. Option 1 sounds okay, but then you aren't able to sync your accounts between different computers. That's why almost every modern application in existence goes for option 4. In fact, we don't just encrypt your password before it leaves your machine, we encrypt all of the account information, using a key that is specific to your user. The only part of that data that is insecure is your account alias, which we forcibly stop you from making similar to your login username and password.

In summary, it's literally impossible for Bot Authors to steal your information because we make it so. In fact, every line of code that makes it way onto the bot store is both automatically and manually reviewed by our team, and as Executives of the platform, only one of us has access to any data, and it's all encrypted anyway.

People have been attempting to reverse engineer our software since it was launched, as people do with all kinds of software. If we were doing anything nefarious, it would be known by now.

3. Motive
The next thing you'd have to consider is what reason a business such as ours might have for wanting to hack your items.

Think about the potential impact that might have on our reputation as a service provider, we would lost almost all of our customers, immediately. It would be the end of our business if it turned out that we were using our users' data inappropriately. That alone is worth more financially (and personally) to us than whatever pixels you have in your in-game bank. While that itself is a large enough motivator to not misuse your data, it's almost irrelevant because we have no interest in doing it in the first place, we don't even play the game anymore, we're just people in creating a client that provides the best experience we can offer for our users.

4. How do people get hacked?
This can get a bit more technical but I'll try to keep it basic. There's various ways your account can be attacked, and I'll order them by the frequency by which I think they occur:
  1. Phishing - putting your username/password into a malicious website/bit of software. Doesn't even have to be OSRS related, if you use the same password in multiple places.
  2. Password Dumps - breached sites have their databases dumped and user account information is made public. These could be from as far back as like 2005. You try a username/password combo on your favourite game and occasionally you'll get a hit. People tend to use the same password for everything, and don't change it.
  3. Abusing Jagex account recovery - doesn't happen as much nowadays but still a very prevalent way that people gain access to others' accounts. I don't know enough about how this works to comment.
  4. Actual malicious software - viruses/RATs/etc.
  5. Malicious 3rd party clients (OpenOSRS plugins etc) (Not really a problem anymore)
I've intentionally left out mainstream clients being malicious, because it just doesn't happen.

5. Prevention
So how can you prevent being hacked? Personally, I haven't been hacked since I added 2FA to my OSRS account(s) and my email, I know the same of true of anyone else I have asked with the same setup.

Besides that, Jagex has a pretty reasonable article explaining how you can secure your account.


That's about all I can think of at the moment, though maybe I could flesh out why we have no motive to hack you a bit more. I might update this again later if anybody has anything obvious that I've missed.

For any other questions or remarks, I'm hoping that you'll just take us on our word.
 
Joined
Jun 9, 2015
Messages
3,717
I might update this again later if anybody has anything obvious that I've missed.
I do know that people fell for that RuneLite scam, where they thought they had downloaded the 'official' RuneLite client but it turned out to be a keylogger. I think it was advertised on Google as well so it showed up as the top result...
 
Client Developer
Joined
Oct 12, 2015
Messages
3,760
I do know that people fell for that RuneLite scam, where they thought they had downloaded the 'official' RuneLite client but it turned out to be a keylogger. I think it was advertised on Google as well so it showed up as the top result...

That's right yeah, and a lot of the time people won't notice. The majority of posts I've seen like this have always started the same way: "It must be X I've not used anything else!". And they always end one of two ways, either they put their hands over their ears and leave, or they actually look into it and realise they were compromised another way.
 
Runemate Credits Guru
Joined
Jun 29, 2021
Messages
64
I really appreciate staff coming here to really explain how things work as we the users have no idea, defiantly gained some insight.

As I've stated I'm going to take it as a random hit and move on and keep an eye on things as thats all we can do.

I do have a question about Runelite plugins as I got a bit bored that evening and decided to try some new plugins that maybe not so well known, I uninstalled not long after installing as they seemed to have no- to little use ... Could this be a possible breach in security? Using random plugins on Runelite?

Again, all we can do is try learn from a situation and move on, glad to be able to have the discussion without being immediately silenced.

God bless and let's hope these random hits are just what they are random and don't happen again.

I still call RM my home and still continue using it as we speak, I just had some questions that needed answered, thank you for answering them.

O.G
 
Client Developer
Joined
Oct 12, 2015
Messages
3,760
I really appreciate staff coming here to really explain how things work as we the users have no idea, defiantly gained some insight.

As I've stated I'm going to take it as a random hit and move on and keep an eye on things as thats all we can do.

I do have a question about Runelite plugins as I got a bit bored that evening and decided to try some new plugins that maybe not so well known, I uninstalled not long after installing as they seemed to have no- to little use ... Could this be a possible breach in security? Using random plugins on Runelite?

Again, all we can do is try learn from a situation and move on, glad to be able to have the discussion without being immediately silenced.

God bless and let's hope these random hits are just what they are random and don't happen again.

I still call RM my home and still continue using it as we speak, I just had some questions that needed answered, thank you for answering them.

O.G

Plugins from RuneLite's plugin hub are almost certainly safe, yeah. I was really talking about dodgy OpenOSRS plugins (& bots) - it would have been all too easy for them to gather user account data.

Again, I want to re-iterate, if you have 2FA enabled on both your OSRS accounts and the email associated with it, based on my experience your accounts should be really safe.
 

dsh

Joined
Mar 22, 2017
Messages
3
I mean I understand why that looks like that from your point of view, but it just flat out wouldn't make economical sense for RM to be taking random stuff off random accounts. It literally isn't worth the reputation hit.

To me this sounds like either:
- a big coincidence, that the password has been breached in some leak on a different site and someone just hacked it now (less likely imo)
- maybe something else you did the same day you were getting back into Runescape cheating got your password. There's tons of sites out there trying to get your info. There's a phishing fake Runelite site that pays for ads to be at the top of Google searches and has a similar domain. There's generally fake clients/plugins, there's account services that hack accounts, twitch scams, Runescape ads on Facebook leading to phishing links. There's fan sites/private servers that steal your stuff.

And I know that a possible reaction to that is "if all those people exist trying to hack accounts, why wouldn't Runemate?" And the answer in my mind, is that unlike all those sites, runemate is an actual business that's been around for like a decade (and the admins for longer).

Like I said I am sorry you got hacked, and I understand why you think it would be Runemate, but I'm just dropping my two cents why I think that's impossible.

How much did you lose anyway? Just wondering I guess.


I dont think that it has anything to do with maliciousness from the staff at RM; however I think a plugin or db breach may have been the culprit; as you say it wouldnt make sense for RM staff to do anything like that.

I barely lost anything cuz the acc was poor; however its still alarming that specifically RM is the only thing I had used on this account; if I had used multiple different providers, openosrs plugins, ect on this account yeah it could be any of them; what is worrying is that RM is the only thing I used on this specific account
 
Client Developer
Joined
Oct 12, 2015
Messages
3,760
I dont think that it has anything to do with maliciousness from the staff at RM; however I think a plugin or db breach may have been the culprit; as you say it wouldnt make sense for RM staff to do anything like that.

I barely lost anything cuz the acc was poor; however its still alarming that specifically RM is the only thing I had used on this account; if I had used multiple different providers, openosrs plugins, ect on this account yeah it could be any of them; what is worrying is that RM is the only thing I used on this specific account

We don't have plugins and we've never suffered a breach. Even if we had been breached, account information wouldn't be accessible because it's encrypted before it leaves your client.
 
Blazin all them herbs
Joined
Jul 10, 2017
Messages
179
I've been hacked by Jagex a lot, they cleaned my accounts right out and got me banned for macro use! It's crazy.
 
Status
Not open for further replies.
Top