So what exactly happened?
Well, we were the latest victims of a nasty group of people going around finding vulnerabilities in RuneScape fan sites. There was an old, outdated piece of code lingering on our site longer than it should have been and these guys took advantage of it. They managed to grab the entire members database including emails, RHQ login and display names, hashed passwords, and more.
At some point we figured out the hole in our security and a hotfix was implemented preventing this type of action further, but it was too late as they already had what they came for. When it was discovered exactly what had happened, we took the forums offline completely and began to investigate our options.
In the end we decided to completely start fresh with the forums. We decided this for a couple reasons.
- Our database had been filling up with junk for a number of years. It was time to clean it up and clear some things out anyways.
- You would all be required to at the very least enter a new password. We probably would have required a new login name as well.
- There was initially a minor glitch in the backup process with our forums.
- The hackers were also sometimes using info posted on your HQ accounts to help try and recover your accounts. Removing everything prevents them from having any current info or quite as easily being able to match up who is who.
- A number of people would ask for their accounts to be removed anyways due to a lack of trust from us now.
It was just better for everyone's safety to wipe it all. We are aware of who is responsible, so please do not post any links regarding this issue as it will only lead to an instant ban of your account.
On behalf of everyone here at RuneHQ, I'm deeply sorry that this happened and I apologize for everything that has taken place. I hope you continue to use us as your number one source for all RuneScape information as we will continuing striving to be the best help site out there.
When you re-register, please keep in mind that you should NEVER use your RuneScape password on any other website. Your password should also be complex. Here is a very short list of passwords you should never use:
- password
- dragon
- runescape
- qwerty
- abc123
- [your username]
- [anything that is one, simple, real word]