If the hacker was able to bypass your authenticator, it likely means one of two things, either they had access to your phone or they had access to your e-mail. The most likely scenario is that they had access to your e-mail as well as your Runescape account, which allows them to disable your authenticator.
This means your e-mail has likely been compromised and I would recommend resecuring it, as well as enabling authentication on your e-mail if your e-mail provider offers that. A Runescape account is only as secure as the computer you play it on and the e-mail address linked to it. Also, I don't know if you did but since you were hacked it's likely that your e-mail password and Runescape password were the same, that puts your account at more risk. Your e-mail password should always be different than your Runescape password.
I would assume that your computer was compromised in some way, either by a virus/malware/etc, and through that the hacker was able to obtain your login details through a keylogger or something of the sort. I would highly recommend securing your computer as fast as possible (do an in-depth virus scan) and after you ensure your computer is safe again, change all your account security again, as it could still be accessible by the hacker.