I got hacked for ~7m worth of items last night. I scanned my pc with malwarebytes, but found nothing. Now the weird thing is that I have NO clue how they got access to my password, though in the end it was my fault for not having a bank pin . So is it possible that osbot password database could be hacked?

 

 

Sorry if this is the wrong place to post this, I'm just trying to find out How they did it so I can prevent it in the future.

 

 

 

Databases can be hacaked but even then passwords are stored in a hashed string not plain text. Your rs account information is actually stored on your computer. Osbot doesn't store them anywhere else. If your account info was stolen there is 0 chance that it was an osbot vulnerability.

 

Thanks for clarifying that.

Edited January 20, 201511 yr by Cockiezi

Osbot ist not the reason.

Is it possible that you clicked on any youtube links? Maybe it was your "best friend"?

 

Databases can be hacaked but even then passwords are stored in a hashed string not plain text. Your rs account information is actually stored on your computer. Osbot doesn't store them anywhere else. If your account info was stolen there is 0 chance that it was an osbot vulnerability.

I haven't clicked on any youtube links. And no, it wasn't my "best friend". He hasn't touched rs for over a year. Now that I said that my irl friend has access to the account, I'm guessing you automatically think it was him. I can't blame you if you do.

 

One thing I suspected is private servers. I've only played one, which is a popular one so I doubt they'd do any shady business like that, though you never know, right?

All passwords are saved on your computer.

You can be easily and most of all unnoticed been infected by a virus.

Scan your computer, I even advise you to put it back to factory settings if you think you didnt find anything.

i doubt it can be hacked

To reiterate what everyone has said above:

It is in no way related to OSbot.

Even if OSbot's databases were hacked the passwords are encrypted with a one-way hash that would take a long time to crack even on a super computer.

The local account information for your client is only stored on your PC. If you have uploaded this anywhere or shared it with someone that could be the cause but, that would be your fault. It is not a security concern for OSbot.

In all honesty you likely either fell for a phishing scam(fake RS page) or it was an inside job by either someone you know IRL or some service you use.

--------------------------------------------------------------------------

To give you an example of a Phishing scam I recently fell for(cost me my fury but, it was a good attack)

Streamer is hosting a giveaway.

To join you must post in a thread on RS forums.

Post a tinylink that redirects to something like: secure-runescape.com/forum etc etc

It had an SSH certificate and looked completely genuine so I thought nothing of it.

I tried to log in and it failed then redirect to the actual site.

Shortly after I was hit by a target DDOS attack that logged me off my character.

They took this time to hop onto my account and clean me out. (They couldn't get into my bank due to pin)

I thought about seeking retribution but, TBH it was a good attack and I just appreciated it for what it was.