✅ My OSRS Figurines & Gifts: crumb.store/ - Code ‘20off’ at checkout for 20% off your order - available for the first 10 people

Jagex: we care about our game! Game literally falling apart Jagex: this is fine.

Thank you for bringing this more attention. It's pathetic how top players like Woox and Zezima can't play their accounts for literal years and Jagex still hasn't fixed it.

Jagex honestly needs to focus MOST of their man power on this issue. Security is MUCH more important than fun game updates. This is absolutely game breaking, and Jagex is a multi hundred million dollar company. This is completely unacceptable in a modern internet age, and should be fixed as soon as possible.

Jagex fix your damn game security, its 2020 almost 2021 ffs. This isnt 2007 anymore.

Some british teen saying hes gonna mobilize a swat team to your house over runescape my lord

You know it's scary when it's 2020 and Jagex still doesn't let you use special characters and uppercase letters for your password.

as a programmer the solution is pretty easy, just change the api endpoints and request a modern captcha every 5 requests or so like they use on their main website

This scares me. Just straight up scares me.

Disgusting. I sincerly hope that no one has to get hurt before Jagex takes action. By that I mean I don't want to see a swatting related shooting, suicide due to harassament and doxing or anything like that.

I'm really started to realize Jagex is kind of a laughing stock.

Of COURSE ReturnOfWilderness is in that call, I'll pretend to be surprised for just a minute.

Botting: Jagex brings in data scientists and machine learning and still fails Brute force attempts: Account wide locks, not even limited to the attacking IP.

If this is happening to you, try to log in on mobile, the “play now”button works even when your pc is locked out. After being logged in on mobile for 10-30 mins, log back in with pc. Works every time. If you have to type password for mobile it’s the same problem unfortunately. And you have to wait. But having mobile logged in is the only tool I know of to combat the issue. Also, change your password. The log in issue hasn’t happened to me in a few weeks now. Like if this helped you

How to get a login?? contact customer support, jagex does leak that info their acc recovery is the biggest compromise to acc security they rely on billing details and other stupid stuff that in no way is a real secret so it just makes hijacking jagex easy

One super big tip and problably something that will end up fixing this. Since rs3 is on steam you can connect your osrs and steam account and bypass this to many login attempts bug. And i would assume same thing will work on osrs once it comes out on steam Edit: should work if your account is linked to phone too :)

Lmao they're like the OsRs Mafia, paying for a protection fee "That's a nice Runescape account ya got there.... Be a shame if... Something happened to it, I'm gonna make you an offa you can't refuse"

Finally non leagues content to CONSUME

Plot twist: zezima is locked out because people covering this topic are false logging into his account to use the error for footage.

Just makes you not want to play this game anymore. It's just crazy... From the toxicity, to scammers, to IRL threats, and crazy exploits like this. Runescape definitely ain't what it used to be anymore.

Great video man, very informative.

I love how ironically having an OG log in name is probably the most secure your account can be (as long as you have name changed).

I love how these companies willingly give out information if you socially engineer it well enough for whomever you're talking to at the support center. What makes it funny is that all these companies say "we will never ask for your information" to prevent scams.

This isn't social engineering. People need to stop using the term so loosely...

I never played this game, but after seeing few of the videos about this game, it seems like the overall quality of the game is at the same level as it’s graphic

I would gladly use that website to lock JMod accounts and see the payment as a donation to the osrs community.

And the community don't give a shit about this, they even defend it. As a new player, last day I asked about taking membership but I wasn't so sure because some stuff like this happening. I got called nitpicky, that those ain't problems, crybaby, etc just because I told them there was issues (and I also linked top posts of the subreddit telling very recent history about other kind of problems) They don't care. EDIT : when I created my account I was BAFFLED to see that the password dosen't accept special characters. This is a MAJOR security issue.

btw no one should try searching their login on that rs breach site as they track search data on the site. kinda surprised crumb didn't say that

The worst part is that it isn't even hard to fix this issue in general, they just have many badly engineered systems on top of each other.

Being locked out daily! The reason I've left the game and stopped making videos. Wish Jagex would offer a solution.

Holy shit this is such a strange game in so many ways xD I hope it never dies

I don’t even play RuneScape, never have and probably never will but these topics are so interesting. And for that sir you earned my sub

I’m a victim of the spam login bs... Jagex really needs to fix account security and now.. it’s 2020 ffs

Yo I swear to god this started happening to me like a week ago man wtf Edit: I was also rank 3 on leagues around the time and was suspecting being doxxed because of being top page .

-I'm gonna send a SWAT team to your door -really? What continent do I live on? -... -you know most continents don't have American SWAT? -...

The website where you fill in your information to see if your account is breached seems like a honeypot made by hackers

This is what happens, when a game studio get bought out by investors. Its not about the game anymore. Its about the money. Its really not the developers faults either, there told to focus on content, and things that get player engagement by there shareholders. My bets, when this gets enuff stink about it that it might impact the share price. Then they will be told to do something about it. But it will be too late. Blame Macarthur Fortune Holding for this. Even on there website its "Client first" And if you play RS your not the client, your the product.

Runescape is the only service I know where a password is not case sensitive. Login system is fucked.

Jagex doesn't give a fuck. Why I haven't played in 6 years. Enjoy your content through.

It never seizes to amaze me how theirs always some shenanigans going on in rs and someone’s always up to some bullshit. Love the vids crumb 👍🏼

I recently have been hacked and i have no clue how since i have two step authenticator . For the past two keeps I have been unable to log in with the " too many log in attempts message" that should had been a red flag for me to register a new email and password . I was at my parents house and downloaded runelite , got on for 5 minutes and logged off . The next day I logged in and all my valuables estimated in 300m+ were gone . The person even wiped my pots and food and strangely kept other things in the bank to seem like my account wasn't touched . I feel like I fell for a phishing site but then again i downloaded rune lite from the official website so idk what happened honestly . I have registered a new email with 2SA and changed the password about 3 times and I'm STILL getting locked from my account for hours before I can actually play again , idk what to do or what is happening , jagex replied to my email saying they will try their best to fix the problem and the best way I can play is through Steam 😢

It never ceases to amaze me how much shady and corrupt s*** goes down on RS. Just mind boggling

Quickest way to sort these things out is to come togethet as a community. If most people stop playing the game for a few days they might realise that they need to do something. As long as everything is going o as usual and they hit daily player targets they wont care.

This shit is scary .. and dark .. I’ve known about this flaw and I have a seperate RuneScape email written on paper with no linked emails and 2fa on everything from email to social media , bank pin , still I try my best to stay safe With display names it’s a lot harder to find out info but there’s always a small chance .. stay safe yall

This is still an issue today, came home from work to this bullshit tonight. My account should be safe, it's just mad annoying.

Literally stopped playing OSRS only because of the community. This video shows perfectly how bad it gets, so sad.

I've been getting the "too many login attempts" prompt for at least three months, the only way around is setting a VPN with a different IP adress every time I try to login, otherwise it won't let me play at all. I hope they fix this once and for all.

this just solidifies the fact that Runescape is such an unhealthy game to play spiritually, physically and mentally and it's just not worth the time that you have to invest in it, imagine spending 10 years on something then all of that is stolen from you because the devs are too busy counting their bankrolls to even give a flip about you or the security of you're account. Really sad tbh

Lol you sent me down a mad RuneScape KZbin rabbit hole with the return of wilderness stuff 😂.

tbh everytime i see updates about runescape, its about scams, hacks, bots and it honestly makes me wanna quit

I get the log in attempt bug when I try and play with Nord VPN running on my PC, anyone else get that?

While this is a real issue, the only reason Zezima can't log in, is because he wants to log in with his name, instead of switching to an email. Jagex have contacted him saying that all he has to do is change to an email, and he will be able to log in. Kinda disingenuous.

I have a separate issue with the "Too many login attempts" message. Sometimes when I try to log in using my home's internet, no matter what I do or what account I use it says "Too many login attempts". If I use a VPN or tether my phone to my computer, it lets me log in and I can even disconnect afterwards and play off my home's internet. Can't swap worlds or log out though or else I'll need to do it all over again.

Hopefully this will draw immediate attention to how terrible Jagex customer support is, and FORCE them to do something about it.

i'm facing the " too many login attempts bug ", i can't login from my isp so i just connect to my mobile hotspot login then i reconnect back to my router, it's strange because sometimes it allows me to login from my router directly but at other times i have to switch to my mobile hotspot

Not sure why I am watching this, but big thumbs up to you for making a product and selling your own creations. Way cooler than 99% of merch shills, good job.

thought i should let you know that when the guy told woox jagex gave him his info, he was trolling. jagex doesn't just hand over player info. i've tried to get the names of emails of accounts i'd forgotten in the past with zero luck.

this happened to me b4 and it scared the s*-*t out of me

The strange thing is - having an account lockout is actually a security recommendation. Failure to have an account lockout is, according to the National Cyber Security Center (NCSC) and any penetration testing services, a vulnerability - since it leads to brute force attacks. The issue here is the implementation. Normally we'd expect to see either an IP account lockout (however this is bypassed by any VPN service) or a quick unlock method (since Multi-factor exists this is kinda easy to implement). In regards to the "username enumeration" - in that it's possible to work out the valid usernames/emails based on the authenticator response - yeah that's another security vulnerability that Jagex needs to look into. With regards to data dumps - nothing much Jagex can do about that, besides looking through the dumps themselves and ensuring no username:password combinations match those in the dumps. You'd be surprised how many websites are vulnerable to this style of attack (most common social media platforms are).

So this is why when i logged in today after getting too many logins all my items were missing?

I'm facing the same problem now, I even tried making a fresh e-mail and a fresh osrs account and they won't work either, it's seriously annoying and it's disgusting that Jagex won't do anything for years now

Awesome video brother. Crazy this is going on.

i dont understand why jagex doesnt implement some sort of idea where you only allow certain ip adresses to attempt to bypass the time wait and to also login more than x amount of times an minute

-*I have been locked out on two accounts for hours at a time, sometimes weeks.* I don’t think I’m going to make a 3rd Rebuild, I have cancelled all subscriptions and quit the game. It’s been a good 14 years RuneScape, bye.

This was an incredible video! It's absolutely terrifying to see this happening, this is something that really needs to get fixed

This happened to me a few weeks ago, couldn't log in for a few days and even had to make a twitter account to contact Jagexs more than questionable customer support

This has just happened to me a year after you uploaded this video. I hope my account isn't being hacked. I don't even have that much

as a rs3 player I am glad playing via steam bypasses this system so I cannot face the bug or extortion luckily

The people threatening swats should be in prison. Theres got to be a way for discord to track them

My account has this issue. It began months ago and it still plagues me. My account is not hacked is the thing though and no one is attempting to access it, it seems only my log in info is leaked. I can log in to my account on mobile, using the 1 click log in method. How has jagex not implemented some type of 1 click log in method for PC as that would fix this issue.........

Two solutions I see would be: 1- Too many login attempts locks the IP, not the account 2- Two step login, no not authenticator, login. First login you can fail, it will never lock the account, second can fail and will lock it. Exemple: First login Name is X and password is 123, second it lets you access the login for the accounts within X, you can't see what accounts are there and still need the password. Say Zezima is within the account X then someone would need to login to X then login to Zezima, you couldn't log in to Zezima directly. This would mean a hell of a lot of work though for the accounts that already exist for both OSRS, RS3 and the website and probably needs something more reliable than "we've sent you an e-mail to create your first login account." Lock by IP is more viable and easier to do for sure. There probably are thousands of ways to fix this issue though and my second one is probably way too complicated for nothing, but for whatever reason it came to mind during that video.

well, good thing none of my accounts are in any databases according to the search thing. That puts my mind at ease somewhat

Crazy research man! Great video!

I honesty don't how some people can be this disgustingly evil

"To make it worse it doesn't look ike Jagex is going to be fixing this issue anytime soon". Maybe because they sold out to the Chinese, and only care about MONEY. Their whole team is a sham!

I actually get followed by a lot of the names you see on the list they are also scammer accounts boyyyyyy this video shows no where near how bad it truly is

Been locked out my account for 4 days now... e-mailed Jagex like 5 times, all their responses were the same, they can’t do anything about it but they’re “investigating” the issue. They just link you to the same generic email. I don’t understand why they don’t just add a recaptcha for every 5 failed login attempts or something, to fight off the login bots.

Having the authenticator present whether the password is correct or not is the correct procedure for 2-factor. Otherwise brute-forcing becomes extremely easy. Just FYI

imagine having your job be ruining a video game... pathetic. Thanks for making vids to highlight this issue man

RS and OSRS have increased profits every year since 2015, Jagex really shouldn't be letting these problems slide just so they can develop flashy new content instead. Why not just reinvest some of irl mils they're making into important stuff that'll prevent your more committed from quitting

If i use my Google account to login on RuneScape do i have to worry about that?

Another problem not being talked about is the lack of ability to change your login e-mail.

Why do you pronounce Woox as Wux and Zezima as Ze-zeema?

WOW!....this is Greasssssyyyyyyyyyyyy never showing my email, also glad i use VPN protection, and not the free kind either ^-^

where do i see if any of my usernames or password have been compromised?

Hi is it still a problem? Can people still lock player accounts just by knowing their username and spamming wrong passwords?

Gotta love how we use Zezima against Jagex. Luv ya Z!

Is this still an existing thing? I just fell for a fishing scam and immediately changed my password and bank pin once I reilized what happened but I'm scared that it's not enough

"Jagex should not be handing you log in information without being absolutely sure you are who you" Ok, what if I last logged in five years ago and remember very little about my account? Should I just, lose access to my account now?

My account is on one of those leaked databases. I was reckless with private servers when I was younger and lost many accounts including my rs account. I had to change my username and password combo. It was a lesson learned for sure.

I'm curious what OSRS runs on. Is it modern hardware or legacy hardware? Through personal experience upgrading security around applications while running on legacy hardware is a major pain and typically requires migrating everything to new up-to-date hardware which is very expensive, time consuming and has a lot of risks. For example, Blizzard struggled to get WoW classic to run on current architecture due to how outdated and incompatible it was. I wonder if OSRS has those same issues. Wish I could work with their IT team T.T

How is it that Jagex hasn't been brought up by some kind of tribunal or some shit? You'd think with the amount of data breaches people exploit in this game, they'd at least be investigated as a company as to why this is happening. Instead it's like a complete black hole where the money goes because it certainly isn't going into maintaining one of the most important and fundamental things about any game... the security that allows you to play the bloody thing without fear of being targeted. Just knowing you can be a potential target for a laundry list of cyber threats in this game and that Jagex 90% of the time won't even help you, let alone resolve the issue, is an apocalyptic failure on the part of the company itself.

but whats crazy is when i go to a friends few streets away i can login from his house...

I quit because i cant log in and when i do log in to do anything i have 30 people following me telling me im permed from doing anything i cant chop trees pk literally anything they find me in 5 seconds somehow and harass me everywhere i go i could record it and show you

My account says it’s disabled. I haven’t played on it for a couple years and decided to come back. Anyone know a solution?

scammers have such a big ego like if i get scammed id be pissed of for likes 2 days then ill get over it But scammers think they are game ending someone's life

dear crumb my max account still blocked because too many attempts i sent message to the game but after the fixed it its back what i need to do plz help

Incredibly easy fix by letting players change old accounts to an email login. Jagex just has fucking horrendous customer support and they don't give a shit about you.

The fact they're offering premium accounts and services for some people and yet completely unwilling to fix glaring security issues is an absolute joke.

I got rangers boots on my iron and someone hacked me and took all my food and my rangers. Idk if I will continue playing. I don't even understand how my bank was accessed with a pin.