Jagex moderator fired for stealing 45 billion coins from Old School Runescape player (Updated)


Update: Jagex has issued a statement saying that no credit card or banking information was lost as a result of the breach.

"Further to yesterday’s announcement, we can confirm that none of our players’ bank or card details were compromised," it said. "We work with an industry-respected, fully compliant third-party payment processor, to purposefully avoid staff having access to players’ full bank or card details. This also applies when players choose to save their details at payment stage for any future purchases. Jagex undergoes regular, third-party testing to ensure we maintain the highest security standards."

Original story:

A couple of months ago, an Old School Runescape player who goes by mazrim_lol on Reddit claimed that a "serious data breach" had caused him to lose 45 billion coins on his main account. His claims were dismissed by a number of other players, several of whom suggested that it was his own fault for not having the account properly secured, or that he might be lying about it completely. But it came to light today that he wasn't lying, and that he was correct about the data breach, which was actually an inside job at Jagex. 

"We confirm that a Member of The Old School Team was dismissed from employment at Jagex following gross misuse of moderator privileges," Jagex said in an announcement posted today. "During our rigorous routine system checks, irregular activity was identified on a small number of accounts, including the movement of wealth and items back into the live game."

"Following our investigation, we were able to resolve the issue before any significant impact was made to the wider game, or economy. We have also taken steps to return items and GP to any affected accounts. Whilst we generally do not return items or gold, we feel that given this unusual situation, we wanted to ensure no players lost out to the rogue actions of a member of staff." 

Jagex added that it's "working with the police" regarding the incident—45 billion coins has considerable real-world value—but said it could not provide further details. However, according to a Resetera thread, the employee in question is Jed Sanderson, aka Mod Jed, who may actually have stolen in excess of 100 billion coins in total, worth over $100,000 on gold-selling markets. He's also allegedly involved with the Reign of Terror clan, which has been accused of using DDoS attacks to impede opponents in tournaments, including a $20,000 tournament that took place in September of last year. Jagex said at the time that its investigation had found no evidence of wrongdoing by Sanderson, but in the wake of all this I expect that it will be taking another look.

In a follow-up post, Mazrim_lol shared an image of a message he received from Jagex Player Support, informing him that, because of the "rare circumstances" of the case, it has decided to restore his lost wealth. "We take matters like this very seriously and, as such, we would like to assure you that we have taken steps to make sure that an incident like this will not happen again," Jagex wrote.

Happily, Mazrim_lol is taking his vindication graciously: "All the redditors who spent ages telling me I was just lax with security can suck a fat one," he wrote. 

Andy Chalk
