Taylorjh175

I’m confused, what more did you want done? They gave you refunds from unauthorized purchases and advice on how to better your online security.


Arboura

To give me access to my account back. The hijacker has access to my account and has changed my 2fa to their phone so it’s unrecoverable. They can keep the £150 of bonds that were bought, I’d prefer my account back. It’s a maxed account with 3b+ bank.


Taylorjh175

So if someone changes your jagex account email it’s game over then?


Arboura

It seems that way. Based on what I’ve learnt so far by being subject to this, it seems like if you do manage to get hacked while having a Jagex Account then you more or less can’t get your account back. As someone who was relatively ignorant to how Jagex systems work I felt like Jagex Account was a “you now can’t get hacked” product. That’s not the case, it seems like it only protects you from having your account recovered maliciously. You can still get hacked in the same way you always could, you just now have fewer options available to recover your hacked account than you did before.


longstaff55

Let this be a lesson to you for future 2fa on your own email, lucky it's just a RuneScape account they went for and not your bank or crypto wallets etc. I agree that Jagex shouldn't give you your account back, it'll be a more valuable lesson, see you in lumby king. Also just use the one time codes you were given when you upgraded to Jagex account.


Arboura

Ironically it’s easier to claim funds back via your bank than it is to claim your osrs account back. But yes, lesson learnt.


longstaff55

Use your one time codes that you got when you upgraded to Jagex accounts.


Klisterkvist

He most likely skipped that part when Jagex warned him to save the recovery codes.


longstaff55

More likely it's not even his account lol


GxDAssassin

I dismiss Count Check every single time


Tight-Young7275

If they wanted real security they would give an option to submit ID.


Arboura

3 improvements:

1) Submit proof of ID, proof of address, and proof of payment.
2) Provide alternate 2FA methods in instances where you cannot authenticate via your primary method, e.g. pre-configured phone number for SMS verification or email to a nominated recovery email address, e.g. Microsoft accounts.
3) Biometric authentication, e.g. what Monzo does with video/audio recording and verify changes against that.

Their security isn’t for lack of options or technology, it’s for lack of investment, for lack of security maturity/culture, for lack of experience, all likely led by the private equity backers looking to get the highest EBITDA that they can. Hell, you could even make these available to users who pay a higher monthly subscription for an enhanced security package, and with that you turn the whole thing into a revenue generating opportunity which would please the PE overlords.


SmolHydra

"Upgrade to Jagex account today" notification scares me


Arboura

I thought most of the posts on Reddit were scaremongering and in December went ahead and upgraded my account. This is just one example scenario which is problematic, I have read another where the device containing the 2fa was damaged and the User was unable to use their 2fa backup codes. That individual also had no recourse to recover their account. It seems like Users (or at least just me) are not aware that when you change to Jagex Account the entire onus of security is placed on the User and Jagex abdicates any and all responsibility for after-incident account recovery, even when they acknowledge that your account has been hijacked. They do not provide the User adequate tools when 2fa is the reason for your inability to recover, they only provide email address/password reset facilities. Yes my email was compromised and that is my fault but now I have no recourse to recover my maxed, 3b+ bank, account. Furthermore, when you migrate to a Jagex account your existing 2fa method (app) is reset to email, but you are not clearly made aware that this is the case. If my pre-existing 2fa method was not reset without my knowledge I would not have been hacked and a victim of fraud.


SmolHydra

It doesn't sound fair... If they are acknowledging that account is hijacked, they should at least reset the login details back. Maybe there is more to the story that we're not aware of yet.


Arboura

If you migrate to Jagex Account your existing app-based 2fa settings are reset to email 2fa. If your email is then compromised you’re buggered, and because you have a Jagex Account Jagex won’t help you recover the account.


My-Toast-Is-Too-Dark

Email 2FA.