Hackers Are Locking RuneScape Accounts Forever - OSRS Login Spam Glitch
ฝัง
- เผยแพร่เมื่อ 21 ส.ค. 2020
- In today's OSRS video I discuss how "hackers" can disable any RuneScape account using only your username. Jagex is still trying to discover a fix.
↓FOLLOW ME IN THESE PLACES ↓
► Twitch: / colonellors
► Discord: / discord
► Join the "Colonello" CC!
Music by Jagex.
/ runescapesoundtrack
www.runescape.com/downloads_mu...
Outro Song:
Phife For Life - Otis McDonald - เกม
![[LIVE] : ONE ลุมพินี 70 | คู่เอก "โฟกัส vs สเตฟาน"](http://i.ytimg.com/vi/_fVieQ89DRQ/mqdefault.jpg)
One useful tip I'd like to share is that whenever you get access to your account, enable the one-click login on your personal mobile device. If you do that before the brute attempts start, when the lockout happens, that quick login option bypasses the flood and lets you log in. That little trick helped me out for weeks at a time in the past and I couldn’t have maxed if I didn’t do that. I know each account, situation, and bot is ran by different groups of folks, but in talks with other compromised account owners it worked with every single one of them as well.
Vape Nation
Pin this comment ASAP
No, its doesn't help anything. It would said something like "there's and error, please log out and try again". And when you log out and log in again, it just gonna said "too many login attempt".
hi voldesad
ayo
They need to make it where regardless if you enter the right or wrong password it prompts you for authentication. If you can't enter that it won't count as a log in attempt.
TON O'CLAY It does that already, but even if you put in the wrong auth it counts as a login attempt.
If incorrect password/Auth combinations don't count as attempts, there's no point in the "too many attempts" message in the first place, as it's there to stop brute force attempts on the password.
@Kurt Erickson yes I thought about it some more after I'd typed that and realised that because of the short lifespan of the authenticator code what you're suggesting is right, so ignore my previous response!
None of these responses are any better or going to fix the issue people.are getting locked out of their accounts you want to fix this have it set were if you fail to log in correctly after 5 attempts the game considers you trying to hack someones account and IP bans you than have to go into the email attached to the account and confirm your location that the login attempt was coming from in order to lift the IP ban responding with that wasnt me would IP ban the other person and forward the player to an account security set up where a new username and password would be set up also your in-game character would be stripped of their items and trapped in there PoH
@@mrelemantal4743 The solution Kurt provided would help. The amount of time it would take the hacker to crack the 2FA is literally cosmical. And if you would input the incorrect 2FA it doesnt count as a login attempt.
$11 well spent
11$ for what
@@Nedvio membership
🦀🦀🦀🦀
Does that mean you can't get blocked out of your account if you have a membership?
@@j7964 it's a joke about how they increased membership cost to "improve the game" while constantly under delivering
You really had to throw in the mod mark clip huh
Free 100K Plox ?
I vomited when Mod Mark said EOC was going to be the best thing to happen to RS
It’s not a real video without Marky :)
@@ColonelloRS we seriously need to help falsely banned players such as antimen and wailord ex and BL000OOO000D
@@ColonelloRS Since my login email can't be changed, is there ANYTHING that can be done since my user email was leaked a long time ago and apparently someone has been brute forcing since i won 10b from odablock last night????
We have to start demanding the BARE MINIMUM from Jagex!
Customer Support, stable servers, much stronger anti-botting measures and better account security.
You must not have good internet then if you lag i never lag. Anti boting is not easy but i can agree they could stop it if they wanted. Account security i agree they should have it way better with customer support
Good luck with that.
@@bendouglas3729 nah i have fiber and the servers are laggy as fuck dead clicks all the time
Alex Arnold having fibre does not determine your connection to a server. You could live far away from a server and fibre makes no difference
@@Ebolachicken i only gave money when i first started and have not gave anything after
I hope this vid goes big, I've shared the sentiment for a long time. It's just unbelievable a paid service let's this absurd kind of abuse happen.
SSS I think the bigger issue is Jagex’s poor account support, there isn’t really a contact option unlike other MMOs where someone does get in touch.
@SSS You don't need trillions to let people change their email login in a safe way, or to figure out a way to not lock account owners of their account just because someone is trying to login into it illegitimately
If you fell for this your dumb
Well said
It never went big, and never will lol
Imagine your display name being able to compromise your account... Jagex really needs to step up account security
my account was created in early 2005 so my login name IS my Runescape Username..... im fucked if i ever happens to me
@@metallicarabbit same and I made mine in 2007 but I’ve since changed my name so I think I may be a good
I guess no one over there thought about adding a robot check a.k.a a CAPTCHA after X incorrect login attempts. A good number IMO would be 3 or 5 incorrect attempts before asked to do the puzzle. Would slow down the spam to a crawl.
Look into services such as 2captcha. They allow you to automate captchas so it may slow the issue down but it wouldn't solve it.
Yeah idk why they never added this honestly
Many bruteforcers have built in captcha completes anyways
And it could bypass the too msny login attempts
@@ZippyChannelgaming well i'm late af but most of those services cost money per captcha solved. Even if it's like a penny per captcha, that might slow them down since they're trying hundreds if not thousands of time. And that cost may add up
They need to add a trusted devices tab in the account management and you can manually add and verify the computer or mobile devices you play on that way as soon as a login attempt from outside the trusted devices is made its instantly rejected until confirmed through your email and adding it as a trusted device it would also give you more time to act if you found out somebody may have your information because your email may be more secure then your runescape account
I remember this happening to Soulja on stream and he had to make a new account iirc
yeah he was trying to meet up with ItsWill but he showed his email and ppl were trying to log into his account
Yeah but fuck Soulja boy .. lol
@@Amenbrudda SOULJA CONSOLE COMING TO YOUUUUUUUUUUUUUUUUUUUUUU!
$11 a month btw
Does that mean you can't get blocked out of your account if you have a membership?
@@j7964 Nope, if anything it actually just makes you a bigger target.
The reactions at the start were exactly my reaction when the bug happened to me a while ago
Bruihhhhhh finally someone post this issue.... the same thing happened to me with the too many login attempts and they spammed my account to keep me off my account and spammed my email for password recoveries. Unfortunately for me when I did a password reset they sent me a phishing link the same time I had did a recovery that had the same email info as jagex, and then they’ve eventually hacked me. I contacted jagex support and msg them daily on Twitter for help on the issue. Day by day I waited and waited and waited with each day with no response for any kind of help and many other ppl with the same issue.... eventually my bank delay had been broken through and I lost 3.2b and they still have my account. Zero response from jagex support and zero help. Lost 4 years of pure hard work... still trying to get it back. Happened to me 07/21, and I’m still trying as of 08/22. Mega huge issue..... -_- and the worst part about it I had Authenticators and everything set for it. Meant nothing at the end.
Damn I wanna cry for you
I didn’t lose as much as you, I lost 340m cash and 90m in items, I got my account back last month, it was hacked last year, I’m gutted
Jagex hacking to rwt
Jesus Ramirez definitely crossed my mind once tbh
@@Jesus.G.Ramirez what does that mean?
Jagex: Colonello you're no longer a pmod.
Colonello:
did they take his pmod status?
@@IamKogl jagex is petty as fuck. I was a pmod back in 2012, and I had mine taken because on the forum for pmods, I spoke about how their was a bot farm that had been reported for months and they took no action, and the accounts had some level 99s in woodcutting and the same accounts were being reported, and me and three others called them out on their complete failure. And they basically told me in a 5 sentence message that my comments were a deliberate attack on the company and that I was not displaying the attitude a player moderator should have about the community. Bot farm was never banned, some of those accounts were on the hiscores years later. I wish I could remember their names so I could look them back up.
@@nicholasleach2019 I used to be a pmod as well. Basically, if a pmod or an fmod criticizes jagex - they get demodded. Simple as that.
@@holyangemon9076 what I think is funny, right after that happened, my account user name got stolen, and instead of giving it back to me they black listed it and said they can't have the former name of a pmod being floated around. I've resented the company ever since, but I enjoy the game too much to let that prevent me from playing
@@nicholasleach2019 That is extremely messed up, but also not surprised Jagex would do something like that. I can still see my name on a leaked pmod list from a simple google search. I stopped playing for a while already but I find videos like these very interesting. I felt like I was just a tool for jagex when I was a pmod back then. I heard that the mute is only 1 hour now? When I was a pmod, it was 48 hours. Shows how much trust the jmods have with their pmods.
This has happened to me multiple times, and my login is an email. Not even my email, but a family members. When this does happen I used to panic, but I have 2fa on everything and trust that that's going to safeguard my account. I find that I can log into mobile no issue when it's being spammed on PC. I tried to reach out to jmods about it, and people just flamed me on reddit (which is jagex's only 'reliable' customer support.) Changing our login emails is the only way forward imo, allow us to have 1-3 per year. We're told to change our passwords every few months, but now we're in a time where login emails aren't safe either. We play this game for nostalgia, and unfortunately that means dealing with the 20 year old login system.
Same man.. I think personally it was my 2 step on email which kept them out as they can't do fuck all without disabling my auth which requires email access honestly 2 step is a life saver for RS accounts in shocked not alot of people have 2 step on emails..
To play devil's advocate, even if they did allow you to change your login email. The person hacking into your account could keep you locked out while they change that as well.
Even if it's 1-3 times a year, Say you don't ever use it (which there are gonna be a lot that wouldn't use it, due to the whole "can't be asked" mentality.) It'd only make things worse IMO.
No system will ever be bulletproof especially if the support is lacking and people aren't taking some precaution to protect their stuff, Rather 2FA, Bank Pin, Changing passwords regularly to something that isn't just "password" or a variant of it.
0:47 lmao NightmareRH XD
I'm so glad I wasn't the only one who recognised that clip hahaha
@@jamesmalcolm6691 thats my guy !
I feel like this video not only helps fix the problem but runs the risk of having more people aware on this bug and causing chaos. I'm not really sure how I feel right now.
Jokes on them I don’t even know my login name.
steam login ftw.
A simple fix could be to make it so if Authenticator is enabled then when trying to log in for the first time in 30 days or under a new IP it would require Authenticator 100% of the time if your password was wrong or right, then make you log in again(assuming you had to use Authenticator). Not sure if this would create the same problem as I’m not super techy, but maybe switching the first verification to google would be helpful. This would also make it so a bit can’t just guess your password a bunch of times until it gets it right. Since Authenticator changes every so often they’d have to get it right on the first few tries.
maybe make it so that after like 10 failed attempted logins that it forces the user to do a 2 step auth to try any more passwords again and if the "hacker" cant provide it it just won't let any more attempts. it will totally stall out the attempts until the real user is able to get at their account.
Good idea right here
That's a great idea, which means it won't happen lol
ohhhhh, so that's what happened to me twice. Thanks for sharing this information.
Glad to help
Did you get your account back?
@@rusty3493 yeah
Thank you for shining light on the topic. I myself was cleaned and had a tbow loan from a friend and now I'm 1.2b in debt. :c
Love the vids bro
lmaoooo good lucc trying to guess my 06 mindset x.D i was influenced by a lot
it's still happening to me. why hasn't there been a fix for this ffs
How long? Just curius because it might happen to me x.x
My fav outro ever
This video has been made so perfectly! It really shows how much work you put into your videos! Keep up the great work 👌💕
Thank you!!
Penetration tester here. When we find no brute force protection (account lockout) we recommend some solutions like block the user username from logging in (you need to block the username because of DDoS attacks come from different IP addresses). We actually always knew that a Denial of Service can be achieved by knowing only the username. But there is a better solution that we always mention in recommendations and that is a good captcha after X failed logim attempts on the username. This needs to be fixed by Jagex. By asking for a captcha, the victim user will be able to log in by fillingit in correctly regardless of ongoing spamming. Any website is vulnerable to this attack that only uses account lockout as a brute force protection. Tell this to Jagex and the issue will be resolved, this is a free professional recommendation ;)
Could they not request account authentication even if the password is wrong? That way you cant even attempt to log in using just the username without the authentication which would be linked to the users phone.
What would be drawbacks of doing this, if any?
@@bryanjordan8876 im by no means an expert but i do believe it's standard protocol to never confirm a username is correct, and ideally the login server shouldn't know if the username is correct either, so that's why you get the "wrong user or password" message not on or the other. I suppose you could request authentication on wrong usernames too though. Logic is of course that if you give confirmation that the username is correct then you make things easier to bruteforce or denial
Niels Rasmussen another CSEC professional here, you’re correct pretty much. For more reading material look up: “hashing” and “salting”
@@bryanjordan8876 It is not really clear what you mean, by providing the correct credentials, that is an account authentication. I think what you mean is some kind of MFA (Multi Factor Authentication - which means you have to provide additional secret, like a temporary password received via SMS/Email or some other Token). The best practice for developers to only ask for the second authentication once the first one is successful. MFA is a great tool to have against leaked credentials but the application would be harder to use. I have quit Runescape and I am not sure whether such MFA solutions are implemented or not. But the real problem here is that the attacker locks out the victim user by spamming the correct name but invalid password. The correct solution really would be that after X wrong attempts the user would need to fill out a captcha and should not be locked out. This way the user would know: I am probably under attack but it does not really matter. As Niels Rasmussen said: user enumeration should not be possible on the login page (or anywhere else, but there is not really much you can do on the registration page where the username should be unique). I would add, that the server would absolutely should know whether the username is right or wrong but it should not disclose that information to the client, therefore you would get the same error message in both cases. So, to have it clear: the login page would ask for the MFA Pin/Token/Action for re-authentication AFTER the user has provided correct credentials (even the password). That would be another security layer against account theft but wouldn't really stop DoS-ing another user's account unless they have some special implementation. But I think that would be harder to implement and would be harder to use for players.
Yeap.. Account locking is one of the oldest tricks in the book
sick vids keep it up
Love the intro
Men this was happening to me yesterday thanks for the video
Gz bud
Thank you for making this video, this has been affecting me as well. Here is my story: I have 2 accounts that login with usernames (as opposed to emails). I started to get recovery requests for two of my accounts, these appeared to be authentic recovery requests from jagex. This was around 4 weeks after the mass recovery requests experienced this year. I didn't click the links anyways. Then 2 weeks after that, at around 3-4 am local time, every night for weeks, i started to get "too many login attempts" messages and i wouldn't be able to login. Remember both accounts experiencing this log in with USERNAMES, I have never told my usernames to anyone in my life. I would understand moreso if a email login was leaked. recovery requests only show usernames not log in names. SO either there was a leak at jagex or something else crazy like that. I sent a message to jagex customer service explaining the series of events like here. I have NOT received a response, it has been several months. However the recovery requests and "too many login attempts" has stopped.
So what i got from this is that your login username is the same as your screen name which means that everyone knew (even if they didn't realize it) your login username, it's fucking stupid that you got a "contact e-mail" and a "login" username/e-mail
Why not merge the 2? or set a recovery e-mail as another security? 2FA doesn't work obviously, got hacked (when i wasn't playing) and they disabled my 2FA without me getting any e-mails, i checked later and no e-mails were sent from Jagex, when i asked how this was possible it was the cookie cutter response "set up 2FA on your e-mail and Runescape account" thanks, had it on both and Microsoft actually notifies me when people are trying to log in on my account but failing (or even if they get in but get blocked because it's ways away from my normal location)
There actually has been a data leak a while back where everyone’s login username was leaked. No passwords or anything, just the login name.
@@DarkDyllon my screen name and my login names are very different. No one knows my login names.
@@GothGuyLars that honestly makes a lot of sense, I dont see any other way they could have gotten my login username. Luckily the attacks stopped, I have a long password so no brutforcing possible.
@@kailashbtw9103 When did you change your login name to a different name? They would still be able to see your original login name for a month if you changed it by adding you. From the looks of it they simply added you on their friends list and got your login name. Only way to get around that would be double namechange or waiting out the 30 days needed for the old name to disappear
Good video bro
I had something similar to this happen pre lockdown, couldn’t log on to my laptop but got in on my phone stayed logged in on my phone for well over 14hours apart from to attempt to log in on my laptop. After about 14hours I could log in and it’s never happened again since was really weird. Never got a reply from Jagex ether total radio silence....
I've had this issue for almost 6 months, there are days at a time where i can't access my account. I finally managed to contact Jagex support via email. They've admitted it's a technical error on their end and then refused to refund me for the years membership i have paid upfront (i have that in writing). They also said my account did not have the traits that they would typically see when being brute forced. Nobody is trying to login to my account, their login server is just failing. The support in this game is absolutely disgusting.
If you live in the UK you can probably get a refund the same way as you would when a company doesn't deliver a product you've bought. Jagex won't fight consumer rights organisations. Outside UK probably best to forget about the money.
There is an interesting trick you can do where you can make your login any email format, it doesn't have to be valid. You could make "literally@anything.com" and then tie a different email to it after creating. Your username would obviously be different as well.
Yeah but your fucked if u already have an account
Thank you for releasing this video, I am gonna cancel my reoccurring subscription just in case since I play on my big brothers old account which I don’t have the original email that was used to set up the account.
they need to add im not a robot 4head
this problem is priority #1 for me for the dev team, the botting problem can be pushed aside for now. I care more about account security than anything this game has to offer. I would pay good money monthly if we can get assurance that this problem gets fixed imo.
It's a good thing login usernames used to be the same as in game names. So loads of long term players good be caught with this 😭😭😭
Notice how you can change your contact email so they can try to sell you on more promos (more profits, they don't care if you can't log in), but you can't change the login username/ email. Insane.
I’ve been dealing with this issue for a year now. Sad to see there is still no fix for it after this long.
That was the most beautiful opening.
Just want to let you know, got home tonight from work and I'm having this happen now. Never had any issues until I started using mobile for some NMZ while at work, and now I'm dealing with this. So it's still an issue almost 2 years later, nice.
I remember when this was happening to sparc mac and jagex changed his login username for him
Huh good thing I found out about this before I started playing
Damn I had this happen to me last month. Scared the shit outta me but it was the login bug and not a hacker, thankfully.
Feels bad that there is no solution to this being that the Jagex team knows about it...
Thank you !!!
I wonder if this coincides with the strange private messages I’ve gotten in the past couple weeks on osrs from random people. They ask they just got back into OSRS and I was on their friends list. Then they ask what my original account name was so they could remember who I was. Luckily I didn’t reply because something seemed off.
Jagex, the only company that has zero customer support and none of their devs have any sort of degree or certs. Hence why the meme “oh that’s engine work” in other words runescript is spaghetti code and they’re too lazy or ignorant to fix it.
engine work means its cant be done in runescript, the content devs cant do anything about that
Finalpk so they have nobody readily available that can fix a massive issue deep in the engine? That’s even worse than just having lazy devs lol.
Their employees are so underqualified because of how low they pay. Look up their salaries, every person I was friends with from the UK moved to the US after getting a degree is computer science or equivalent because of how much more they could make. They offer machine learning majors, people who could make $100k+ a year in the US, like £40k a year
Finalpk runescript was created by Andrew Gower. In the official RuneScape documentary he mentioned it a bit, in the early days Jagex also offered an internship program where they specifically wanted people that had no coding background whatsoever so they could teach them runescript. (Hence the spaghetti code) It was a complete nightmare. There were so many things bugged on RuneScape Classic, Jagex couldn’t even figure out the Taverly chest bug where you use crystal keys, it was bugged open at all times for years.
Wait RuneScape is in its own language????
This happened to me a few weeks back. Was lucky they did not get on the account, But it took me a good 15 hours to get back on. Happy I am not the only one who has had to deal with this
This has been happening to me for a year and have received no support no matter how many times I contact Jagex . I sold bank and hid my 260m in my NMZ coffer and quit.
This is currently happening to me but I can get on when I use my phone hotspot or go somewhere with a different ip has there been a hot fix yet or am I screwed
I really think that case sensitive passwords would be the #1 way that Jagex can improve account security quickly. It seems insane to me that my password in 2020 is not case sensitive at all....
I theorized this over 13 years ago, I kept quiet though because once discovered this would fuck up a lot. Sadly, even when I messaged Jagex back then it wasn't fixed so...
People need to know this shit ! I shared in my discord .
@colonello This has been happening to me for 2 weeks.. Are there any solutions for this problem yet?
Jagex just finds brand new ways each and every day for me to be dissapointed in them.
Noticed no mention of MFA. Even if your login is leaked, would MFA indefinitely protect you until Jagex could do something about your account?
Most accounts are compromised through the account recovery system, which for some reason bypasses the 2FA.
Gilad Pellaeon shit
Also the solution to me seem simple atleast to safeguard your wealth until further fixes can be done, simply contact a moderator and ask them to have your account temporarely banned (with like a notice being setup somewhere to remind the mod that this ban was setup as a safety measure to secure the account and not for infraction) and wait until stuff calm down a bit i guess?
David Chaput Yea that could work. But good luck getting in contact with anyone that can ban your account.
Two-factor auth at the username level? That should fix it by using the generated code by google auth. You type in the username and press enter, then prompted to enter the code. It would be near to impossible to guess the code because it resets every 15sec. Then you prompt the same with a password but this time it has limited login attempts. A bit of a hassle and not user friendly, but a solution that could be an option to be activated for affected users.
Sorry, I was thrown completely for a loop at 4:40 , that's Kim (from the Yogscast) right? I never knew she visited Jagex!
Haha yeah thats Kim, not sure why she was there
Why not have 2 factor auth verification pass before logging onto the account
This is a denial of service attack. They will spam incorrect authenticator codes to achieve the “Too many login attempts” lock. Once your account has been locked, they will try to recover your account (this bypasses the 2FA because Jagex is retarded). And they will continue to lock you out of the account until your bank pin is disabled.
I had this issue last week. Couldn't login for 24hrs
Make sure u have 2FA on email and rs account. Also check for fishy login attempts on ur email. Thats how they got me
@@amar7325 Yeah, I use hardware based 2fa for my email, and my RS account has the authenticator. I wish Jagex supported security keys like Yubico.
Why am I subscribed 😂
why can't they just change it instead of tracking attempts on each username, track attempts coming from each ip?
The hackers use VPNs so their ip changes constantly
Yeah but it wouldn't lock the account owner out
nobody talks about it because nobody wants to give people the idea to do it
And yet here we are with an escalated situation because people where so silent, Jagex did not consider doing any measurements.
People that knew about this already fixed the problem Year’s ago babe
@@matthewjansen8318 ?
@@matthewjansen8318 ?
Hopefully you making this video will get jagex to bring back the login attempt cap or something
Doesn't having authenticator circumvent this issue? As when you login it prompts for your authentication code?
What about an option for a proxy display name, so that only you can know your real display name to recover the login username with?
A good thing to do that I’ve been doing is create a completely random email that you only use for runescape, if it’s tied to less accounts and subscriptions, it’ll be less likely to be overtaken by a hacker or bug like this
This is why my login is also hidden.
no1 knows who ur. who gives a shit
@@strangedevice2547 The same goes for you douchebag. If ya didn't care, don't reply you stupid bitch.
Some of my friends have had random authenticators set on their accounts and they couldn't log into it. Is this in any way related?
Alot of my accounts dont have an email..guess i gotta take a break til this is fixed.
I still don’t understand how they don’t have a customer service online chat or phone line..
Idk if anyone tried this yet, but "Too many login attempts", at least for me, gets fixed when I switch world. I'll let this know here so people can see if it works for them too.
0:46 my man NightmareRH
I heard about people getting hit by this on reddit, I wonder how many IPs are brute forcing at once.
I'm not sure if you're aware of the consistent amount of email leaks from rsps and even other websites but if a was a bot creator >_> I'd just setup a bot to go through leaks and try every username
The first thing everyone did after watching this video was try to log into their account.
They can’t just add in a multiple failed attempts timer that continues to get longer and longer the more you fail after say like 3 failed attempts?
That would just make this problem worse. Make the system easier to abuse as a way to lock someone out of their account.
If everyone had strong passwords, jagex could just remove the timer altogether and the problem would be gone. You can ddos jagex's login server with attempts to guess a 12-letter password for years and still never guess it.
Jezre the time out would based on whoever is making the attempts not the account.
Also the problem isn’t password strength they just need your login name and can spam wrong passwords to keep you out
Happens to Zezima and Sparc Mac all the time, bottom line don’t leak your original login name
Gabriel Godina exactly
@SSS prime example of victim blaming over here
@SSS You're shilling for a shitty company that doesn't care for the community or the game's integrity, OSRS and RS3 are both fucking hemorrhaging players and Jagex do shit to try and get players back into the game. They just add content for mid to high level players, but it's mostly boring shit that is slightly better efficient exp than methods that are years old. On top of that a new game breaking exploit is added with every new update. Jagex will ban someone for using certain non offensive clients, while leaving bots and scammers completely off Scot free. Anyone who questions or exposes a flaw that shows how poor of a company Jagex is they are blacklisted, banned, have pmod removed, or are just ignored, even though the person just wants the best for the game, the community and the company. It's retarded shit dude.
@SSS you do realize that all the top players usernames are pretty well known simply by knowing when they started playing the game, right?
SSS literally any random person can look at my account and see my login name, and I’m not name changing my name, it’s been the same for 14 years and has sentimental as well as millions of gp value if I were to sell it, not players fault Jagex is a shit company, and that’s the bottom line.
They need to add the ability to change the login name / email associated with the account. This would immediately solve the issue for anyone experiencing this.
It is for this reason that I almost exclusively use pre-2010 accounts that kid me made for absolutely no fucking reason. I used to be obsessed with making F2P alts to do random dumb shit on and it's paid off 12 years later because now I have ~15-20 pre-2010 accounts that login with a username instead of an email, and all the original names have been changed, so even if you do find my email, you can't get my username. Checkmate, hackers.
I have not played in a few months and I had to check my account cause of this video and this happened to me thankfully my account got locked and I was easily able to reset my password and unlock my account nothing was taken
This happened to me right after I downloaded a sketchy program. I thought I had downloaded a keylogger, turned out it added my PC to a botnet. I think it was using my IP to spam log-ins to other accounts and kept me out of mine in the process.
I thought I had that problem, but when I used expressvpn, it worked so I'm glad no one was hacking me
Another Runescape Glitch:
No support tickets or support what so ever.
this happened to me, it was 2 weeks that i couldnt login
another way is people simply use the create account page to figure out wich usernames are taken so they can login spam it
how do they even find out your email theyre spamming my login and i dont understand how did they found out
Whatched the video late lasta night and this morning couldn't log in with this message on both of my accounts. I was able to log in mobile but this needs to be addressed by jagex
Hey, i work for a business that actually has some similar issues. We fixed ours by creating a temporary bypass system where the person in contact with us will provide verification and we will reset the login name to a temporary one which does not abide by the same login as the one being spammed. It goes right through it and it forces the person to change their login name and puts the too many attempts timer on a 15 minute wait. After they type in the temporary login they change the login name to something of their choice and 15 minutes later they have access. That's what we do at least. I don't know what Jagex has the ability to do.
I was hacked a few months ago and still have no idea how it happened, and support literally told me it was my own fault. I was playing that night and went to sleep and woke up the next day and left for work - I Work at a hospital and during covid osrs was my only escape from the stress at the time.
I had 2FA on my gmail, and 2FA set up on my phone. I had recently built a brand new pc a few weeks before. Didn’t have anything sketchy downloaded only the osrs client and discord. Came back home from work and my osrs account 2FA was disabled, and my account cleaned of around 500m and all my items etc that took me years to get. My 2FA on gmail was still active and I had no logins other than my own computer.
With no help from support, and losing everything I just quit. This happened in June
Colon man good.
Odablock tweeted mod ash about this, the answer was something along the lines of "we dont have the system capabilities to fix this problem, and we cba to try"
this just happen to me three days ago, I got my account to unlocked and not even 24hours it got locked again with the message "too many login attempts" wtf. how long does this usually last?!
Any time I had the issue of "already logged in/too many attempts" spamming reset password/recover account would lock my account due to suspicious activity.
did that help you regain it?
This is literally happening to me and I've tried posting on reddit for support but got no response :/
i had the same problem of my account idk if was hack or not and i also cant log in my account in the runescape website so i need to know how to fix these or is it my internet
would two factor authenticators help with this, or complicate it even more?