Here at RuneMate there is nothing we take more seriously than account security. We have implemented the Advanced Encryption Standard to compliance levels comparable to those of the medical and defense industries. We passionately encourage the usage of Two-Step Verification and have rigorous system level checks to ensure that both our and your precious data and assets are kept private. Our software stack is updated weekly and security patches automated to ensure we don't receive an unpleasant surprise. These measures have proven very fruitful over the last two years and we expect our breach-free streak to continue indefinitely. However, there is only so much we can do without best practices being followed by our industry colleagues and users. We need your help to protect you. Best Practices Enable Two-Step Verification (also known as Two Factor Authentication) not only on RuneMate, but also every site that offers it. It is a proven method to significantly reduce the risk of account breaches. Never re-use the same password on multiple sites. Use either completely randomly generated passwords that are managed by an industry-tested password manager, such as LastPass or 1Password, or unique passwords that are easy to remember. While I strongly suggest the first option, if you opt to manage your own unique passwords then a good way to keep track of them is to use a non-trivial formula for making your password. For example, instead of using "cocacolaISgr8" for Facebook and Twitter I could use "FcocacolaISgr8B" for Facebook and "TcocacolaISgr8R" for Twitter. Password length is far more important than password complexity. I'll let Intel's info-graphic explain this one. Be mindful of who you trust. If a website looks poorly made and looks untrustworthy it probably is. When a publisher puts their heart into design and user experience, it's a fair assessment that they care about you and your security. Unfortunately, the inverse is just as true. This fact is particularly important in this scene where I have heard far too many horror stories about passwords being stored in cleartext and mass hacks simply because developers did not put the effort into preventing it. I am not discouraging you from trying our industry colleagues out, but simply re-emphasizing the importance of following these best practices, especially #2. Maintain a running anti-virus and firewall software from a reputable vendor on your computer at all times. Nobody, I repeat nobody, is above this rule, regardless of computer savvy or intelligence. My personal favorite is Malwarebytes, but Kasperky, Panda, and many others are all good options. Just as important is staying away from vendors who have a history of poor performance, like McAfee or Avast. Why are you telling me all this Arbiter? In the spirit of full disclosure it has come to our attention that a number of accounts on RuneMate have been hijacked. In response, the Executives and Staff of RuneMate immediately got into action to investigate. A full system scan and diagnostics was performed across our entire cloud network to ensure there was no breach. There was no such issue. Affected users were instructed and assisted in running a local system scan for malware and viruses. All existing RuneMate passwords and RuneScape account credentials were invalidated. Since we could not locate the source of breach internally, we started to look externally. We cross-referenced the account breaches with shared passwords (big no-no!) on other bot sites. A pattern emerged: a number of accounts that were breached had the same login credentials with our industry colleagues. With enough cross-referencing we narrowed it down to one and then reached out to one of their admins who confirmed there was a breach a while back. Our current working theory is that this older breach was now being cross-referenced with RuneMate to hijack more accounts. We will not name any names as we do not want to accuse any other parties. However, if you have accounts on multiple botting sites I highly recommend you change your credentials across all services they are shared i.e. Skype, PayPal, email, etc. Additionally, I implore you to change your RuneScape passwords regardless of it matching or not.