Hey everyone, just giving ya'll a friendly reminder to update your account security since today I was hacked, even with a bank pin, authenticator, 2-step verification, the works.

Happy 'Scaping, and hope ya'll are getting those sweet dxp gains! 

Great reminder! and don't click on links if its not offical runescape site!

Hopefully you didn't lose much

Great reminder! and don't click on links if its not offical runescape site!

Hopefully you didn't lose much

No weird links or anything. More like a ddos on my network. Lagged out thinking my internet went down for 10 mins. Came back to a lot of changed things.

Thanks for the reminder Kurtk, give me a pm in game if you need anything 

That sucks man same deal as above, dont hesitate to ask!

Oh man, sorry this happened to you

You can google "Have I been pwned", go to the website enter in your email, and check if your info is on the dark web. What you are saying just doesn't make sense. I have had my account for 13 years and never been hacked. The only way I imagine them guessing your info is it is on the dark web and your pin is something easy to guess like an address or a birthday.

Your email was probably hacked and they disabled the authenticator. You should have 2 factor authentication on the email too. There's no way that I know of to remove the 7 day limit of the bank PIN, so either your computer was compromised and they've been recording you enter the pin or your pin was saved somewhere in text or very guessable. If it happened to me and I couldn't be bothered to investigate how exactly it happened, I would just wipe all the data from my computer and do a fresh install of the operating system, and make sure the email account was secure. I'd probably also be a bit wary about other devices on the same network potentially being infected.

You should use a different password everywhere and you should use a password manager to keep track of them (because memorizing so many passwords isn't really realistic). I recommend using LastPass. You can use it as a browser extension or portable exe. It syncs the passwords on their server in an encrypted format, so they can't access the password files because they don't have the keys to decrypt. You can have 2FA on the downloads from their server.

Other popular alternatives would be 1Password, Dashlane or KeePass. KeePass is probably the most secure one, but then you run into synchronization issues between different devices. There is a plugin for synchronization but I don't trust that.