Forums

Account recovered w/out email

Quick find code: 408-409-233-66140117

Chrike4
Sep Member 2019

Chrike4

Posts: 1Bronze Posts by user Forum Profile RuneMetrics Profile
Hi, so i'm a bit of an old player, account created in 2010 and had the same password ever since.

Long story short the account got compromised and cleaned (no bank pin). I'm not worried about the items as much as I am the account itself. At first i assumed they just guessed my password from one of the 15 hacks that haveibeenpwned tells me I was a part of. Most of which i used the same password for. Here's what scares though... I had two factor auth up. On the email itself i have a unique password thats over 20 characters, saved through lastpass, so i haven't typed it in in over a year. Ontop of that I have two factor auth and set it so that it will notify me any time someone attempts to log in with a correct password and is given the 2fa (It won't give the 2fa again after the first login). I see no way that my email could have been compromised.

On 10/14/19 I get an email "Disable Authenticator" at the time i thought it was spam since it wanted me to click a link but now that i know it was real i wonder if i clicked it by accident and actually disabled it. I have no way of knowing since that is the last email i receive from jagex.
On 11/24/19 I get an in account notification message from MOD SKYNET "We're contacting you as this account has been recently identified as being accessed by an unauthorised third party..."
"If you're reading this message it means that you've successfully recovered your account, to prevent this from happening again please be sure to..." And later down it says to add 2-step auth.

So here's my question to anyone, hopefully a mod that could look into the account and figure out just what the heck happened.
- Was it an account recovery that reset my 2fa?
- Why was the password still the exact same? Wouldn't recovery force them to change it?
- If it was an account recovery whats stopping them from just recovering it again?
- If it WASN'T then is it possible they reset 2fa without getting into email?

Just checking if I need to start over :(

22-Jan-2020 05:43:04

Malua
May Member 2006

Malua

Posts: 34,078Sapphire Posts by user Forum Profile RuneMetrics Profile
“Was it an account recovery that reset my 2fa?”

No. Authenticator can no longer be removed through a recovery.

“Why was the password still the exact same? Wouldn't recovery force them to change it?”

Your account cannot have been recovered - because Yes, a recovery does force a pw change.

“If it was an account recovery what’s stopping them from doing it again?”

It was not a recovery.

“If it wasn’t then is it possible they reset 2fa without getting into email?”

No. Email access is required now to disable 2fa.
Forum Community Helper -
Information about the Community Helper Team

24-Jan-2020 02:31:40 - Last edited on 24-Jan-2020 05:17:33 by Malua

Quick find code: 408-409-233-66140117Back to Top