Go to nordvpn.com/crumb or use code crumb to get a 2-year plan with a huge discount plus 1 additional month for free.

I'm watching a video on how to protect my account on a game that I haven't played in like 8 years. I'll never stop watching RS vids.

This should be played in the stronghold of security lol

Me: *Just wants to play a 20 year old game. * Crumb: "And here's why that's going to ruin your life. "

Free Armour trim varrock west Bank no scam

Thank goodness my younger self made a login username that was too embarrassingly bad to use anywhere else.

Phishing also happens by fake emails that look like they come from RuneScape and that make u believe your account got locked due to suspicious activity. Including a link for recovery. Then u enter all of your information because you're not thinking straight while in reality it just sends the information to the phishers which then can recover your account because you handed them all the information they need.

"Most players are casual, most players will go 3 days if not months without logging in" Welp, time to go rethink some things.

Today’s sponsor was perfect for this video content. 10/10 on rolling them in. Definitely liking this video.

I guess I’m pooping for 15 minutes and 52 seconds on my 10 minute break 🤣🤣💪

I didn't learn much from this video because infosec is my job/career right now, but I enjoyed the way that you presented the information and anytime that someone provides others with good information about how vulnerable they are on the web and how any information you spread on the internet can and will be used to steal things or find out other information about you, that's a good video in my book. Earned yourself a sub for this video. When you were talking about the time zone thing, I was like "Yeah, yeah... He gets it." Thanks for the vid.

This is why you have a throwaway email when signing up for stuff

Using the Mantis Lords theme in the middle of video was beautiful. Respect.

YO YO YO CRUMB I got my Jad about a month ago and I love it man, I haven't played in 10 years and it still sits right on my desk

I just recovered a lvl 108 account. Whoever stole it was using it to bot the gauntlet in priffidinis. When I got hacked I think I had like 120m of gear. I secured my email with two step verification and put on my own authenticator. My account had 452m on it after recovery and I gifted 70m of it to my older brother who's just now getting back into osrs. I also decked myself out with really good gear. My account now also has 70 herblore, mining, and smithing. It was a pretty good late Christmas present. My brother even got his girlfriend into it

Masquerade attacks are very useful for account recovery (impersonate as somebody else/act as legitimate user) to retrieve credentials. It’s a very cruel world out there. (I have a bachelors in cyber security)

If I ever had to recover my account, I wouldn't be able to. I made my account at a library and I have *no* idea what their ISP was.

Those who made their accounts back when you only had a simple login name that doubled as your rsn and not an email address, have an additional layer of protection against hackers, if they changed their name before and they have refrained from posting images and such that revealed their login name and sites like RuneClan didn't track them. Even if the email address that is registered to an account like that gets hacked, the hacker still has to figure out their original login name before they can access the account. Unless they gave it away on a phishing site of course...

A vulnerability that Jagex recently created revolves around the 15 year cape on RS3. When you receive that cape it causes a server wide message saying you got it. Many of those older accounts use their username, not email, to login 🤦

Best piece of advice. Do not be greedy and earn your own money. That way you are also less vulnerable to being manipulated.

Rip to all the accounts that ended up at Zulrah .

Creation date shouldn't be something jagex uses for account recovery. First of all im sure actual owners of accounts dont know the date account wad created. If someone has access to the account all they have to do is talk to hans to see how many days ago the accounts first log-in was and back track it to find account creation date.

I guess I'm doing good with not bothering to make "friends" in-game there's much to grind anyway

RS has such an ancient security system. A bit of trivial information about your location is enough to hack you. That's so silly. Games like wow etc simply tie your account to your IRL identity, so even if you're hacked and totally locked from your account, email, etc simply showing your ID to a customer service agent is enough to get you your account back. Getting some trivial info about you is one thing, but obtaining an actual scan of your ID is a whole new level of shadyness, so it's so much safer having a security system tied to your identity or something more personal so you can prove properly you own the account in ways a hacker would never be able to.

I've seen grinderscape advertised a lot here on KZbin.

After watching this i know now how i end up being in lumbrigde left with only untradeables hahah. Sick

This is so complicated. Thanks for putting this together.

I like how Jagex will shoutout to the world when you complete the 5, 10, 15 year cape. Literally telling everyone when your account was created.

How are you gonna plug a website (have i been pwnd) in a segment about credential stuffing/breached log-ins???????????? "hey just put your email here but dont put your info on random sites" L0L

You've successfully scared me to play this game that i love lol

This is my biggest fear, I have my account protected in all ways imaginable but people somehow still get hacked. Id be devastated if I lost everything and potentially just get perma banned, all those hours lost.

I feel bad for 'almost' falling for a give away scam stream lol... i was very tired and browsing twitch, linked me to an rs forum page then had to login which i did and then asked for my bank pin. Thats the moment i started sweating man, quickly changed EVERYTHING. Great video man, thankfully i was on time with changing my stuff and hope no one else made this mistake and got robbed

The day my steam account almost got phished was the day I went full into cybersecurity. And the worst part about it, is that there are always more steps you can take to beef up security, It's a never ending cycle.

i get excited every time crumb uploads a new rs video

Another batch of tip are the antiscam good practices. If it sounds too good to be true it is: do not engage. You cannot out fox these people very few can and typically there are counter measures in place for this: do not engage. Rather be a live chicken than a dead sheep. Anything sketchy even slightly do not engage

Hey man I bought a bob the cat 3d print from you a few months ago, definitely one of my favorite pieces

I was hacked yesterday. I logged out at 5pm, came back two hours later and they took all my stuff and changed my character name. I was just coming out of mid-level grinding, too. Don't know if I want to build it all back again.

Thanks for the great lunch break content my friend

with all that you got an ad for runescape gold at the end 🤣

Great Video :) Crumb the hero we needed when we were 13 years old. most of us had to learn it the hard way >.

You should do cyber security training for companies lol, great tips for keeping your account secure.

12:00 this is literally a security measure a lot of companies and security specialists use. For example, they will make router responses look like they are from a certain brand, while they are of a different type, then when the hacker tries to ping the router it doesn't understand anything it gets pinged.

Octopath Traveler music, good taste

I got my account hacked but when I finally logged back on I had 99 range. They used my account as a rev cave slave.

Also, if you’re streaming on twitch you can disable people posting links in the chat.

The solution is to create a website and use that email to attach to the account. Unless they know that website and email somehow, they'd never find out. I actually know this because when I made a website, I found out as admin, I could make as many emails as I wanted. The possibilities were endless.

Luckily for me, i met a guy in game that works for jagex. Super cool dude, he offered to personally safeguard my account if I gave him my account info. Now I'll never get hacked :)

Just came back to the game after quitting from being lured for my twisted bow 5 years ago to find my account recently banned 2 months ago for macronutrients and was a CG bot with the Younglef pet.. I had 2 factor and believe it was the brute force method to take the remaining 100mil I had.. great insightful video as usual crumb 💪🏻

My Iron was a victim of exactly this a few months ago. I disabled authenticator while moving apartments and playing mobile for a few weeks, turns out my password was leaked and matched in an old db. RIP never again.

its kinda sad that sql injection is still a thing... its been around since i was a young lad... but new vulnerabilities are found in MySQL, Apache, ect... every day. Crumb you should do a video about the data leak that Jagex had :)

6:40 what cape is that? xD Also ty crumb for this video

Putting on my breaking into my own account shoes 👞

Funny seeing PS's that I've worked on dev wise are on that list xD

People that have old accounts have login usernames that are the same as their in game name right? But you can change your ign to something else without changing your login name iirc. Are those accounts inherently harder to hack using the brute force method? How would hackers get those login names if it isn’t the current ign nor an email?

How come when my authenticator code changes after the 30 secs i get the invalid message on the rs client after it changes? Doesn't seem like it lasts 3 mins

This is a really good video, thank you ❤️👑

By the way If you get a lot of phishing emails from runescape or other, then your email has been exposed and is in one of these databases.

Important video

Great video as usual Crumb. Keep it up!!!

I logged in last night after a year to see that I had a 150m bank account on my account. ended up logging off, just logged in today to see its all gone now. So here I am, a broke, hacked Rser confused and mad as hell

i think the most common phish attempts ive had tried on me in game is the JagLD throw away accounts that pm you about maturity if you have PM on

please tell me this wasn't your first time looking on have i been pwned :D , theres also some OG black hatters that still use RATS, more of a targetted method tho. Nice vid keep it up.

The list of clans dumped had some hilarious fuckups for clans with spaces in the name. They got split into different lines and then alphabetically sorted.

3:12 Is that guy fighting fucking Master Chief?

watching this video makes me so sad to know this what happened to my main account after months of a break just find out it was botted on and then banned :(

I wish i saw this before yesterday, i tought i was on official website on a forum. After diner on my fresh start account 50m gone and a lot of my gear :'( i am really stupid wish jagex promoten this video to everyone. Keep up the good work.

Do hackers tend to target maxed accounts or do they usually go for more valuable banks?

RS lets you go to hans and he gives you the exact day you will be 5/10/15 years old to get the cape so you can get the exact creation date of the account

Informative. Thanks

I learnt that the auth lasts 3 mins not 30 seconds, will stop me deleting it and re-writing it whenever I feel like I wont make the timer :P thanks

Good thing you can do is make your sign in an email that’s only used for runescape, makes it harder to even know what your signin would be if you email is hacked.

most of it probably comes across as schizophrenia as fuck but its really just normal precautions people give out so much info about themselves online today compared to back in the 90s and 00s when your profile would be arbitrary name and pic no personal info

You should change your password and associated email every few years. This is because the older the email and the more its used the easier it is to find via sign ups and things like that. You password should something with no relation to you and completely random in nature or spelling. You should have your password somewhere secure and do not have it anywhere online if you can help it. I’m not paranoid I’m prepared. I do whatever is needed to be done to protect my identity even changing my name so that no matter what game you go on you could never trace it back to me i make a new email anytime i feel like someone might be onto me. I suggest you all do the same. But if you really wanna be safe. Dump the internet all together. Its not worth you time and effort.

Thanks, just checked a few my email accounts and rip breaches. Got them fixed though.

Phising sites will also grab your ip and ddos you so that your character will be logged out, so they can hop on and take your gold, happened to me like 6 years ago

3:11 I think I know that site for some reason....

This is fucked up man... I just play this game for fun. Now I gotta worry about cyber attacks. Regardless thanks for opening my eyes to this shady business. Liked, Commented & Subscribed Good day to you sir.

I strongly recommend against going to a website and entering your email and password on the basis of seeing if its been breached? that in itself is a breach...

i’ve never teleported to a bank faster to talk to a banker….

Brother thank you Soo Much, your a Hero in Disguise!!!! MUCH LOVE 🙏🏼🙏🏼🙏🏼🙏🏼🙏🏼🙏🏼🙏🏼❤️❤️❤️❤️❤️❤️❤️🎉🎉🎉🎉🎉🎉🎊🎊🎊🎊🎊🎊🕺🏻🕺🏻🕺🏻🕺🏻🕺🏻🕺🏻🕺🏻

Lol my clan always doxxes itself when someone maxes, we go down to lumby and check our play time

i never understand why companies who employ 2 factor authentication dont have it ask for the auth code from any email attempt and have both pass and 2factor validated at once. would entirely prevent the step where hackers can check if the email is valid. so dumb

my first ever Runescape account got hacked about 1 week after i made it back in 2006 because i was a naive idiotic 8 year old and i gave my password to a friend at school and he hacked me. RIP kes1809, 2006 - 2006

I dont think bruteforce works anymore as nowadays most companies have account lock system, if you wrongly enter your password 3 times, your account will be locked, and only to unlock it is with associated accounts email, also you should never use same password everywhere, if some website is hacked and password is being leaked even so its hashed then all your accounts will be compromised sooner or later, and last one is always make password with minimum of 8 characters, atleast 1 upper case password and atleast 1 number.

What is that banned rendi video? I need to watch it while drinking this bud light

I have an idea and I would really like someone like yourself to consider it. I grew up with this game, I no longer play as I'm working and owning a house, family life etc and I'm sure alot of the old players are the same. You can never really quit the game because it becomes a part of you and your childhood. Logging in.. talking and adventuring with friends, great times. I would love one if the rs content creators somehow got in touch with the old greats.. I mahatma I.. 3 hit u.. maybe old high ranking players of the old days.. i kasoy I ! Maybe old famous pkers... maybe get some stories off them and see where they ended up today, what do you think?

My Ironman got hacked and I have no idea how, my username is completely unknown because it was made in 06 so it has a username not an email, and the password is incredibly complex and not used for anything else

Giving away a free trimmed rune set to the one who trust trades me the most money.

Had 2fa enabled and just lost my account to a hacker this past January, only discovered this the other day and got it back and my banks been ransacked and im dressed like a bot filled with pineapple pizzas and ranged potions. Account had been secure for 3 years

Awesome video! This stuff is so interesting

Whats the program being used @4:15

This is why I deleted all my socials links on twitch so they lead to nowhere and I also have nothing associated with my social media emails lol 😂 🤦🏻‍♂️💭🥴 Also I don’t use any third party apps related to RuneScape like alt1

This video shows I’m still one lucky bastard then

crazy me and my friend mention something about bank pins on the fourms back in 2006 before they had bank pins because my friend hacked me after i hacked him for hes abby whip at the time they were 6 mil and never used one before was more concern of the profit of it and crazy thing is he lived right across the street from me and we went to school together. After me and my friend came up with a plan of asking him to use his whip then the friend trade me the whip and him lying saying he was hacked my friend we hacked came to my house and confronted me about it since the guy who borrowed the whip was my friend. Scared i was awnsuring the door when i seen it was him knowing i just scamed him for his whip but he didn't know it was me but had suspenion so he ask for me to log into my account. As i am loging into my account he is behind me so i am under alot of pressure i acidently typed my password into my username and i didn't think he saw it by the time i loged in i already traded the whip back to my friend that lived 15 miles from us so i didn't have it on me at the time so he didn't see it. Once he left my friend sold the whip and we split i think it was 6-8 mil at the time we didn't even have 1 mil so this was alot. I think i brought full guthix a cannon dragon legs and some other stuff. It was a friday this all happen, I Was traveling to my grandmas house that day and was a three hour drive when i got there and loged in all my stuff and items was gone. My friend hacked back his whip plus more lol guess you can say karma.(story of how bank pins got added into the game) If i would of had a bank pin at this time none of my items would have been hacked so noticed this i took to the fourms and started a petion on bank pins and got over 500 signatures at the time were peoplle just post on the thead to make it top post. Never got any regconation (kinda sad) for it but glad to put one more layer of protection to keep hackers somewhat out even tho i was one somewhat of myself lol pretty sure u can still find the forum we created of the idea of bank pins before they were added into the game.

one of my accounts just got hacked and ive never told anyone the password, was so weird i didnt even play the account it was f2p old pure i havnt played in years, i saw it log on and was so confused i recovered it and it was member, at granite rocks with a dragon pick axe and 10m in the bank.

jagex needs to fix that shit

Me watching this after I got hacked

A video around your ad nice

They got into my account also but i dind click any fishy mails and use a other email for it and password so idk how they did it

what was that russian website to see the accounts? I know I've been pwned but want to see which passwords I should refrain from reusing