September 21, 2018

Jagex says no payment info was compromised after an Old School RuneScape dev stole gold from players.
This week, Jagex announced that a developer on Old School RuneScape has been fired as a result of “gross misuse of moderator privileges.” This employee reportedly used backend access to the game to steal billions of in-game gold from players. That money has been returned to players, but many are concerned that the incident indicates an even more substantial security compromise.
The company has issued a statement today which asserts that concerns over whether this employee had access to confidential payment information are unfounded.
“Further to yesterday’s announcement, we can confirm that none of our players’ bank or card details were compromised. We work with an industry-respected, fully compliant third-party payment processor, to purposefully avoid staff having access to players’ full bank or card details. This also applies when players choose to save their details at payment stage for any future purchases. Jagex undergoes regular, third-party testing to ensure we maintain the highest security standards.”
In the original announcement, Jagex says that “During our rigorous routine system checks, irregular activity was identified on a small number of accounts, including the movement of wealth and items back into the live game. Following our investigation, we were able to resolve the issue before any significant impact was made to the wider game, or economy.”
The company adds that “we are actively working with the Police regarding the incident, but given this is an ongoing legal matter we are unable to provide further details.”
One of the most prominent victims of the attack, mazrim_lol on Reddit, posted a message from player support earlier saying that the stolen gold had been returned. Mazrim posted about the missing 45 billion in gold several months ago, and at the time Jagex reps suggested that the account was hijacked due to poor personal security. Another post said that credit card info was also likely compromised, though Jagex says no such compromises are related to the employee in question.
Officially, Jagex has confirmed that someone with moderator privileges has taken gold directly from player accounts, and that person has subsequently been dismissed from the company. The 45 billion gold reported missing alone could be worth tens of thousands of dollars among third-party resellers.
With some form of legal investigation underway, we’re unlikely to hear any additional official information for quite some time. In the meantime, the members of the community are left to sort out info for themselves, and many of those responses are collected in this ResetEra thread.
Jagex concludes its official statement by saying “We pride ourselves on the passion and integrity of the JMods that work for Jagex and we hold them to the highest standards. However, we are not afraid to take tough action and make difficult decisions if someone cannot meet those standards. We will dust ourselves off, and move on. Old School is at its biggest and strongest since launch, but we still have much to do, not least a mobile launch which each day gets closer.”