So i tried to log back in on my oldschool runescape account, to do the 3 year event thing. However i had a authenticator on my account enabled. Odd, pretty sure i turned that off, oh well. So i disabled the authenticator and tried to log in. "Your account is already logged in" Meh, probably some bug. So the next day on school during break (had my laptop with me, IT ftw.) I was like let's try that again. Still logged in... Pretty sure that's not true. So i changed my password and logged in on the account. And guess what.. FREE MEMBERSHIP AND GP YEEEEE So apparantly, someone hacked my account. That wasnt my authenticator... That was the hacker's. The password was still the same tho. So this guy was GOLDFARMING on my osrs account. Gained about a mil of STR xp, and had like a mil worth of dragon bones in my bank. (Was hoping for more oh well lel). He did sell some of my cheaper gear tho. Not chill. Could get banned, the idea that someone else retreived my account details is pretty messed up. HOW DID HE DO IT? Also, how can someone without email acces set up a authenticator on my account. Fix your shit Jagex. There was this RSPS i downloaded the other day... And i checked my MSconfig and it was there, in the startup. That was probably the virus. He didn't hack anything else as far as im aware. And i lived happily ever after.