PSA - Account Security

Discussion in 'Announcements' started by Arbiter, Oct 11, 2015.

  1. Arbiter

    Arbiter Mod Automation

    Joined:
    Jul 26, 2013
    Messages:
    2,521
    Likes Received:
    1,039
    Here at RuneMate there is nothing we take more seriously than account security. We have implemented the Advanced Encryption Standard to compliance levels comparable to those of the medical and defense industries. We passionately encourage the usage of Two-Step Verification and have rigorous system level checks to ensure that both our and your precious data and assets are kept private. Our software stack is updated weekly and security patches automated to ensure we don't receive an unpleasant surprise.

    These measures have proven very fruitful over the last two years and we expect our breach-free streak to continue indefinitely. However, there is only so much we can do without best practices being followed by our industry colleagues and users. We need your help to protect you.


    Best Practices
    1. Enable Two-Step Verification (also known as Two Factor Authentication) not only on RuneMate, but also every site that offers it. It is a proven method to significantly reduce the risk of account breaches.
    2. Never re-use the same password on multiple sites. Use either completely randomly generated passwords that are managed by an industry-tested password manager, such as LastPass or 1Password, or unique passwords that are easy to remember. While I strongly suggest the first option, if you opt to manage your own unique passwords then a good way to keep track of them is to use a non-trivial formula for making your password. For example, instead of using "cocacolaISgr8" for Facebook and Twitter I could use "FcocacolaISgr8B" for Facebook and "TcocacolaISgr8R" for Twitter.
    3. Password length is far more important than password complexity. I'll let Intel's info-graphic explain this one. [IMG]
    4. Be mindful of who you trust. If a website looks poorly made and looks untrustworthy it probably is. When a publisher puts their heart into design and user experience, it's a fair assessment that they care about you and your security. Unfortunately, the inverse is just as true. This fact is particularly important in this scene where I have heard far too many horror stories about passwords being stored in cleartext and mass hacks simply because developers did not put the effort into preventing it. I am not discouraging you from trying our industry colleagues out, but simply re-emphasizing the importance of following these best practices, especially #2.
    5. Maintain running anti-virus and firewall software from a reputable vendor on your computer at all times. Nobody, I repeat nobody, is above this rule, regardless of computer savvy or intelligence. My personal favorite is Malwarebytes, but Kaspersky, Panda, and many others are all good options. Just as important is staying away from vendors who have a history of poor performance, like McAfee or Avast.

    Why are you telling me all this, Arbiter?
    In the spirit of full disclosure, it has come to our attention that a number of accounts on RuneMate have been hijacked. In response, the Executives and Staff of RuneMate immediately got into action to investigate. A full system scan and diagnostics were performed across our entire cloud network to ensure there was no breach. There was no such issue. Affected users were instructed and assisted in running a local system scan for malware and viruses. All existing RuneMate passwords and RuneScape account credentials were invalidated.

    Since we could not locate the source of the breach internally, we started to look externally. We cross-referenced the account breaches with shared passwords (big no-no!) on other bot sites. A pattern emerged: a number of accounts that were breached had the same login credentials with our industry colleagues. With enough cross-referencing we narrowed it down to one and then reached out to one of their admins, who confirmed there was a breach a while back. Our current working theory is that this older breach was now being cross-referenced with RuneMate to hijack more accounts.

    We will not name any names as we do not want to accuse any other parties. However, if you have accounts on multiple botting sites I highly recommend you change your credentials across all services where they are shared, i.e. Skype, PayPal, email, etc. Additionally, I implore you to change your RuneScape passwords regardless of whether they match or not.
     
    #1 Arbiter, Oct 11, 2015
    Last edited: Oct 11, 2015
    Scrimmyy, worrorfight, Vichy and 7 others like this.
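
    Added example, not part of the original post and not RuneMate's code: one way a site can enforce a forced reset like the one described above, by rejecting a new password that equals the invalidated one or that appears in a known third-party breach set. The function names, the 12-character minimum, the PBKDF2 work factor and the sample breach set are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
MIN_LENGTH = 12          # assumed policy: length matters more than complexity

# Constructed sample data: SHA-1 digests of passwords seen in another site's
# breach dump. A real deployment would load a large corpus instead.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("cocacolaISgr8", "hunter2")
}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage; a fresh random salt is used if none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_reset(new_password: str, old_salt: bytes, old_digest: bytes) -> List[str]:
    """Return the reasons a post-incident reset must be refused (empty list = accept)."""
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append("too_short")
    # Re-hash the candidate with the old salt so it can be compared against the
    # invalidated credential without the site ever storing the cleartext.
    _, candidate = hash_password(new_password, old_salt)
    if hmac.compare_digest(candidate, old_digest):
        problems.append("same_as_invalidated")
    # Reject anything already circulating in a breach dump, since that is what
    # gets replayed against other sites where the same credentials were used.
    if hashlib.sha1(new_password.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("seen_in_breach")
    return problems


if __name__ == "__main__":
    salt, digest = hash_password("FcocacolaISgr8B")     # the invalidated password
    print(check_reset("FcocacolaISgr8B", salt, digest))  # reuse of the old password
    print(check_reset("cocacolaISgr8", salt, digest))    # present in the breach set
    print(check_reset("correct horse battery staple", salt, digest))  # accepted
```
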
  2. Echolocke

    Joined:
    Sep 29, 2015
    Messages:
    132
    Likes Received:
    40
    Great work mate. Glad to be a part of RuneMate
     
    Arbiter likes this.
  3. memeking420

    Joined:
    Sep 27, 2015
    Messages:
    52
    Likes Received:
    11
    thanks for keeping us safe uwu

    maybe someone ran all the runemate user emails/usernames through a cracker or something?
     
    Arbiter likes this.
  4. alkimista

    Joined:
    Dec 11, 2014
    Messages:
    348
    Likes Received:
    17
    just to be sure so now the lack of account list is for this situation or all has been deleted permanently?
     
  5. Arbiter

    Arbiter Mod Automation

    Joined:
    Jul 26, 2013
    Messages:
    2,521
    Likes Received:
    1,039
    We intentionally cleared them. We are quite positive that no internal data was breached, but better safe than sorry.
     
  6. alkimista

    Joined:
    Dec 11, 2014
    Messages:
    348
    Likes Received:
    17
    so have i to rewrite all of them? i hate u sometimes but thank :)
     
  7. Arbiter

    Arbiter Mod Automation

    Joined:
    Jul 26, 2013
    Messages:
    2,521
    Likes Received:
    1,039
    Yes you do. It's for the greater good, so I can't apologize for it. :p
     
  8. Defeat3d

    Defeat3d Prime Celestial

    Joined:
    Oct 30, 2014
    Messages:
    1,316
    Likes Received:
    558
    i need a dislike button for this post
     
  9. Mkl

    Mkl

    Joined:
    Mar 9, 2014
    Messages:
    123
    Likes Received:
    6
    i guess I should have thought up a new password when prompted with this when I logged in but instead I used my old, rip
     
  10. alkimista

    Joined:
    Dec 11, 2014
    Messages:
    348
    Likes Received:
    17
    never asked that :p
     
  11. moneyblades

    Joined:
    May 16, 2015
    Messages:
    333
    Likes Received:
    110
    This is why RuneMate will now and forever be the new RsBuddy, such a good bot with amazing bot authors, the BEST staff and a caring community. I love how the staff here actually cares about the members of the community and puts so much effort into everything that is done here. So to you @Arbiter and all the staff of RM, Thank you for everything :)
     
    Vichy, DaAlmyte, EpicBas and 5 others like this.
  12. Insomniac

    Joined:
    Jan 27, 2015
    Messages:
    1,536
    Likes Received:
    514
    Wait... are you the same Arbiter as the one who mass-hacked accounts a few years ago? If so, nice try nigga;) You ain't gonna get my info!



    I jking
     
    #12 Insomniac, Oct 11, 2015
    Last edited: Oct 11, 2015
    Defeat3d and vipertrek79 like this.
  13. hey

    hey

    Joined:
    Dec 4, 2014
    Messages:
    65
    Likes Received:
    8
    so true,
     
  14. tas182

    Joined:
    Oct 2, 2015
    Messages:
    80
    Likes Received:
    6
    Nice, nice.
     
  15. WYD

    WYD

    Joined:
    Mar 14, 2014
    Messages:
    479
    Likes Received:
    63
    Oh this was fun to wake up to
     
  16. Eugeen

    Joined:
    Oct 10, 2015
    Messages:
    17
    Likes Received:
    3
    I didn't know about this as I'm new to runemate and I can officially say my account has just been hacked by it being moved to a new email address without any traces of it left. I didn't have the 2step authenticator for my runescape account itself enabled so it's mostly my own fault. Good thing I used a test account :D
     
  17. Arbiter

    Arbiter Mod Automation

    Joined:
    Jul 26, 2013
    Messages:
    2,521
    Likes Received:
    1,039
    For those of you who didn't catch it, he's being funny (see facetious). You always gotta clarify or there's gonna be that one guy who takes it seriously and rolls with it lol.
    It is highly unlikely that your situation was related to this. There were no reports of RuneScape account breaches, just forum ones. I highly encourage you to run a virus scan with one of the links provided in the original post. I would also encourage you to reach out to [email protected] as soon as possible to regain access to your account. They deal with this on a daily basis, so it shouldn't take long. Best of luck. :)
     
    Insomniac likes this.
  18. WYD

    WYD

    Joined:
    Mar 14, 2014
    Messages:
    479
    Likes Received:
    63
    I'm running a virus scan now :)
     
  19. kazemanie

    kazemanie *The Actual Favourite*

    Joined:
    Oct 2, 2015
    Messages:
    970
    Likes Received:
    308
    This is what so many fansites and bot websites lack - clear communication.

    Thank you for the update and keeping us in the know - clear communication is how you keep customers long term.
     
    Vichy likes this.
  20. hegsy

    Joined:
    Apr 1, 2015
    Messages:
    74
    Likes Received:
    5
    RIP 55m =\
     
