Original Reddit post

I’ve been seeing a lot of posts lately about stolen accounts and that Jagex MFA must be at fault. Quick background about why I’m qualified to talk about this, I’m a digital forensic investigator specializing in cloud incident response (Microsoft, Google, Salesforce, etc.). The current threat landscape for phishing involves AiTM or proxy token theft methods in which a session token is captured and then abled to be reused to generate new interactive sign-ins without the need to re-authenticate. What this means for people getting hacked; you don’t have to download anything, or have a virus or really interact with anything other than a phishing site and often these sites mirror the legitimate website down to the studs so you wouldn’t necessarily even notice a difference. This is applicable to essentially any platform that isn’t using FIDO2 methods of authentication like smart cards, passkeys, and biometrics (your bank account, your email, anything you can sign into really for the most part). Because it’s such an easy phish to deploy, there isn’t much defense other than just not clicking on sketchy stuff. “BuT i DoN’t”, clearly you did and it was either with your OSRS creds or your email creds most likely and then they pivoted into the account from your email. Super easy to set up inbox or forwarding rules to divert mail from Jagex so you wouldn’t even know. Long story short, it’s a security gap in basically all cloud platforms, put a passkey on your email (yahoo, google, and Microsoft all support them) and don’t interact with any OSRS sites aside from looking at patch notes to be super safe! submitted by /u/Warlocked-In

Originally posted by u/Warlocked-In on r/2007scape