This is an automated archive made by the Lemmit Bot.
The original was posted on /r/2007scape by /u/Krikke93 on 2025-06-02 09:59:49+00:00.
As you can read from the title, my account has been compromised. This happened about 1.5 months ago and I am to blame for having a security flaw in my email system, so I’m not here to complain about it taking place. I am here to warn everyone of a serious security flaw after someone has had their account compromised.
Shortly after getting hacked, I fixed all my credentials, changing passwords on both my email and Jagex account, removing and re-adding new authenticators (also on both) AND clicking the “log out of all sessions” button in the Jagex account settings.
Despite these efforts, a couple days after this took place, someone managed to log back into my account to check if anything new was available to steal. I know this because my friends saw me logging in when I was asleep and when I checked my account the next day, my chat settings were all set to private.
Now, a month and a half later, I keep confirming someone is logging into my account about once a week (maybe an automated system).
The wild part is, my new passwords and authenticators on both my Jagex account and emails remain unchanged. This means the hacker has access to some kind of login token that he saved from when I was first compromised and is able to continue to use that token to log in, without needing any of my new credentials. This even spans across updates.
Just thought I’d warn everyone that once your account is compromised, someone may have access to your account for a long period of time. I hope, for everyone else’s sake, Jagex fixes this flaw in the near future.
Also, this has been brought up before and hasn’t been fixed since (about a year ago). Example posts here and here.
EDIT: My Steam account was not linked to my Jagex account. I double-checked this, as this is another known security flaw.
TL;DR: After getting hacked once, it is possible the hacker maintains access to your account, even after changing your credentials and authenticators.