PSA - Account Security

Discussion in 'Announcements' started by Arbiter, Oct 11, 2015.

  1. Here at RuneMate there is nothing we take more seriously than account security. We have implemented the Advanced Encryption Standard to compliance levels comparable to those of the medical and defense industries. We passionately encourage the usage of Two-Step Verification and have rigorous system level checks to ensure that both our and your precious data and assets are kept private. Our software stack is updated weekly and security patches automated to ensure we don't receive an unpleasant surprise.

    These measures have proven very fruitful over the last two years and we expect our breach-free streak to continue indefinitely. However, there is only so much we can do without best practices being followed by our industry colleagues and users. We need your help to protect you.

    Best Practices
    1. Enable Two-Step Verification (also known as Two Factor Authentication) not only on RuneMate, but also every site that offers it. It is a proven method to significantly reduce the risk of account breaches.
    2. Never re-use the same password on multiple sites. Use either completely randomly generated passwords that are managed by an industry-tested password manager, such as LastPass or 1Password, or unique passwords that are easy to remember. While I strongly suggest the first option, if you opt to manage your own unique passwords then a good way to keep track of them is to use a non-trivial formula for making your password. For example, instead of using "cocacolaISgr8" for Facebook and Twitter I could use "FcocacolaISgr8B" for Facebook and "TcocacolaISgr8R" for Twitter.
    3. Password length is far more important than password complexity. I'll let Intel's info-graphic explain this one.
    4. Be mindful of who you trust. If a website looks poorly made and looks untrustworthy it probably is. When a publisher puts their heart into design and user experience, it's a fair assessment that they care about you and your security. Unfortunately, the inverse is just as true. This fact is particularly important in this scene where I have heard far too many horror stories about passwords being stored in cleartext and mass hacks simply because developers did not put the effort into preventing it. I am not discouraging you from trying our industry colleagues out, but simply re-emphasizing the importance of following these best practices, especially #2.
    5. Maintain running anti-virus and firewall software from a reputable vendor on your computer at all times. Nobody, I repeat nobody, is above this rule, regardless of computer savvy or intelligence. My personal favorite is Malwarebytes, but Kaspersky, Panda, and many others are all good options. Just as important is staying away from vendors who have a history of poor performance, like McAfee or Avast.
    Why are you telling me all this, Arbiter?
    In the spirit of full disclosure, it has come to our attention that a number of accounts on RuneMate have been hijacked. In response, the Executives and Staff of RuneMate immediately got into action to investigate. A full system scan and diagnostics were performed across our entire cloud network to ensure there was no breach. There was no such issue. Affected users were instructed and assisted in running a local system scan for malware and viruses. All existing RuneMate passwords and RuneScape account credentials were invalidated. Since we could not locate the source of the breach internally, we started to look externally. We cross-referenced the account breaches with shared passwords (big no-no!) on other bot sites. A pattern emerged: a number of accounts that were breached had the same login credentials with our industry colleagues. With enough cross-referencing we narrowed it down to one and then reached out to one of their admins who confirmed there was a breach a while back. Our current working theory is that this older breach was now being cross-referenced with RuneMate to hijack more accounts. We will not name any names as we do not want to accuse any other parties. However, if you have accounts on multiple botting sites I highly recommend you change your credentials across all services where they are shared, i.e. Skype, PayPal, email, etc. Additionally, I implore you to change your RuneScape passwords regardless of whether they match or not.
    #1 Arbiter, Oct 11, 2015
    Last edited: Oct 11, 2015
    Scrimmyy, worrorfight, Vichy and 7 others like this.
  2. Great work mate. Glad to be a part of RuneMate
    Arbiter likes this.
  3. thanks for keeping us safe uwu

    maybe someone ran all the runemate user emails/usernames through a cracker or something?
    Arbiter likes this.
  4. just to be sure so now the lack of account list is for this situation or all has been deleted permanently?
  5. We intentionally cleared them. We are quite positive that no internal data was breached, but better safe than sorry.
  6. so have i to rewrite all of them? i hate u sometimes but thank :)
  7. Yes you do. It's for the greater good, so I can't apologize for it. :p
  8. i need a dislike button for this post
  9. i guess I should have thought up a new password when prompted with this when I logged in but instead I used my old, rip
  10. never asked that :p
  11. This is why RuneMate will now and forever be the new RsBuddy, such a good bot with amazing bot authors, the BEST staff and a caring community. I love how the staff here actually cares about the members of the community and puts so much effort into everything that is done here. So to you @Arbiter and all the staff of RM, Thank you for everything :)
    Vichy, DaAlmyte, EpicBas and 5 others like this.
  12. Wait... are you the same Arbiter as the one who mass-hacked accounts a few years ago? If so, nice try nigga;) You ain't gonna get my info!

    I jking
    #12 Insomniac, Oct 11, 2015
    Last edited: Oct 11, 2015
    Defeat3d and vipertrek79 like this.
  13. so true,
  14. Nice, nice.
  15. Oh this was fun to wake up to
  16. I didn't know about this as I'm new to runemate and I can officially say my account has just been hacked by it being moved to a new email address without any traces of it left. I didn't have the 2step authenticator for my runescape account itself enabled so it's mostly my own fault. Good thing I used a test account :D
  17. For those of you who didn't catch it, he's being funny (see facetious). You always gotta clarify or there's gonna be that one guy who takes it seriously and rolls with it lol.
    It is highly unlikely that your situation was related to this. There were no reports of RuneScape account breaches, just forum ones. I highly encourage you run a virus scan with one of the links provided in the original post. I would also encourage you to reach out to [email protected] as soon as possible to regain access to your account. They deal with this on a daily basis, so it shouldn't take long. Best of luck. :)
    Insomniac likes this.
  18. I'm running a virus scan now :)
  19. This is what so many fansites and bot websites lack - clear communication.

    Thank you for the update and keeping us in the know - clear communication is how you keep customers long term.
    Vichy likes this.
  20. RIP 55m =\
