Bitcoin Forum

https://www.hackread.com/hacked-bitcointalk-forum-database-on-dark-web/
should i be worried about it and change my password or thats just some kind of a bs?

It's real, the database was hacked last year... If you haven't changed your password since then, it might be wise to do so now.
I find it a little weird you didn't know about this, it was the hot topic for weeks when it happened

AFAIK, this is untrue...
A quote from the link you posted (sorry for the caps, but the poster of the article apparently used caps to post this):


and a second quote from the article:

wait so the people who created accounts this year are actually safe?

There is already a thread (https://bitcointalk.org/index.php?topic=1609055.0) about this. The conclusion of that thread was, they are most likely selling the database from former hacks. The forum administrator confirmed that the most recent attack only led to a shutdown of the site, and not data theft. Still, I would change my password every now and then, for security's sake.

Yes, and the people who created it before last year is safe too, if they changed their password when they were told to do it. The password encryption being used is strong enough to withstand most attacks, if you use strong passwords. Just change your password regularly, and make it even more difficult for people to hack it. ^smile^

They should be, since no data leak was reported for over a year.

this is indeed a good idear, be carefull tough: some users have the tendancy to look at the security log for password changes, and accuse people of using a bought account when they try to do business using an account that had a recently changed password... It's sad but true

Even if it's true or not, it's not wrong if you will modify your password after reading that article.

And besides if you really care to your forum account, you will do regular changes of your password at regular periods.

Even though this hack event was a year old, it came into different hacker related site after someone tried to sell those data in darknet recently.
I have read somewhere SHA-256 encrypted password are hard to decrypt isn't it? However using strong password like combination of words and number with special character is wise decision with ocassional change of password and using different password for different sites.

Well Bitcoin uses SHA256 so it should be pretty safe. Any 10 character password with special characters and upper and lower case is already strong enough to not be able to get brute forced in a lifetime afaik.

As long as you changed your password & the email linked to your bitcointalk.org user account since the hack then this is a non issue & you have nothing to worry about.

Old news. It happened a while ago. You don't have anything to worry about if you changed your password. If not, you better do it now than not to be sorry later.

Yeah, they can just compare the hashes of the passwords to a known database and if the sha256 hash matches one in the database, the hackers knows the password as well.

You are quite safe if you use non dictionary, non common, non previously used passwords with such encryption in place, as it is almost impossible that it will appear in any rainbow table of any kind.

In the meta section this was brought up after the DDOS attack. They mentioned that was from an attack last year, but I still feel that it's a good idea to change passwords just in case. After all, it's better to be safe than sorry, right?

Regardless if theres a threat of hack or non at all, we should be proactive in changing our passwords from time to time, it would not take too much time if you would do that every month, that means only 12 passwords in a year that you can prepare prior to changing of password day.

Wait, let me change my password. Oh, I just did, now I think I’m safe.

I’m not sure if this is genuine information or not but one should take extreme precaution. I was lazy about my online security but I did security audit of my online identity and found that my 70% online accounts was extremely vulnerable.

Thankfully I have a security schedule now and I change my password during a particular frequency and also enabled 2 factor authentication wherever possible.

It's impossible to bruteforce a decent sha256 password so that is not a real concern, just don't use the same password anywhere else.

That's the way, using strong passwords and changing the password with or without any hack periodically...

Why bitcointalk don't use a 2FA? It would be nice for security

Because it is forum based on old software in times when no one even heard about 2FA?
And new forum software which will probably use 2FA functionality is in development for couple years already.
So there is very little reason to waste time and effort to update current version of Forum with new features.

I have also seen they publish the DB for sale on alphabey for a cheap price.

If anyone wants extra security for their account they can post their Bitcoin address in the thread linked to here.

https://bitcointalk.org/index.php?topic=996318.0

Someone else quotes your address in that thread, then if your account gets hacked the hacker can't delete that quoted address. You can use it to get your account back by signing a Bitcoin message and sending it to Theymos. He will give you back your account if you can sign a message proving the account is yours.

You are right , some members do not care about this point , even they use the same password to register in other sites , then they ask why my account has been hacked ?
I think we must use a unique e-mail and password for such important forum .

Yes, I saw that, $10 per account. I've heard the administrators here have already bought the database to see which accounts were compromised, and worked to resolve the issue accordingly. So really, it's only put up there to scam users of their hard earned Bitcoin, stay away from that listing.

 :o Whoa! Didn't see that coming. I guess i should change my password too for safety purpose as i have not changed it from sometime now.

I never heard that thing last year.. that the database was hack.. but i think they already fix the issue. .and i hope it will not happen..
My password still not change until its 1 year old.. but i think should i change it right now before it will happen.. everything online is possible so better to change our account password.

yeah they sell it for a cheap price but all the information is encrypted so i doubt that we have something to worry about right now

Is this news an attempt to popularize the coins with anonymity and untraceable features like XMR, ZCASH, SDC and NAV?   ;D
I haven't yet changed my password. i always forget my password that's why i always click the remember me button. but how true is it that the database was leaked a couple of days ago?  

edited: i find it important so i changed my password :)

I just changed mine.  Not taking any chances around this place--you see all the hackers and the scammers around, and you know it isn't a good neighborhood.  Mr. Rogers is hanging from a light pole with racist grafitti written in red ink across his chest. 

I have not yet visited the dark markets, and probably won't.  How much are accounts going for?  I don't quite understand how all of that works.

Okay, the encrypted form is can reducing the panic situation is happening at this time, but yesterday bitcoin talk is attacked by DDoS and hacker is wanna be infiltrated in them again for stolen the database but that is failing.

please don't create panic by saying something you don't have any information about.

DDoS is not a hack and it has nothing to do with the leak, it is a type of attack (denial of service) which will make the website not accessible because it is flooding the bandwidth and taking up all the resources.

educate yourself before saying random stuff: https://en.wikipedia.org/wiki/Denial-of-service_attack

To be honest people who think that DDoS'ing is a form of hacking piss me off a lot. There is a huge difference between a DDoS (something literally anyone can do with basically no effort) and legit hacking which is far more involved and actually something that is pretty neat. DDoS script kiddies just piss me off for the most part.

Aside from that though, a DDoS on the site means nothing, and the database it basically pretty tight so there isn't a lot that can be done right now unless they're decrypting all of it as we speak, and that should be (relatively) thwarted by changing your password.

If you are really worried about this then perhaps you should change it every month.

Well I kind of do that every month with my e-mails so that it will be safe and I kind of got used to it also.
Specially when you are using computers in different areas. Base on their comments this happened a year ago so no need to dig a buried article.

2FA is unnecessary to a forum, we use 2FA on cash or crypto coin related accounts, such as trading site accounts, dark market place site accounts.

If the database of bitcointalk is leaked, 2FA wouldn't work because our passwords are compromised. Hackers can try your passwords on other bitcoin sites, try to steal our money. They know analyze the passwords using social engineering knowledge.

i think you are right because when i tried to acess the bitcoin froum site in my mobile browser then it was sometime opening and some time server error time out showing .
i think the admin of this forum were busy in the work of fixing the problem of data hack or other think si that it was happened tp acess this forum . it was all about 2-3hours ago

2FA would work even if your password is compromised. Even if the hacker has your password they would be stopped by needing your SIM card to get past the 2FA layer of security. That's why the sequence is username/email, password, 2FA and not username/email, 2FA, password.

2FA blocks a ton of things, and as long as your company doesn;t give out a copy of your SIM card to anyone who calls them asking for it, you should be fine for the most part.

Has bitcointalk admin confirmed this? They should remind us to modify the password if the database.

There was a DDos attack against the forum today, so bitcointalk was offline for maybe half an hour.

Why the hackers hate us so much? :(

I will have to change my password.

Yeah, the DDOS attack was caused by this very thread, hackers EGO got offended about the fact that someone said, "they can not sale it, it is useless since the DB is encrypted". script kids. 

BTW they won't stop until Friday.

Thanks for your link sir, really helpful for me, but I brought by the situation like the another people's said. and appearing some topic is discussing the leaked of bitcoin database yesterday.

Same, i was trying to access this forum but  it could took longer times to load and it shows error and i saw this thread knowing that is been DDos  ans saying that our   account details have been compromised and  been sold to dark net which is  somehow  quite disturbing for me.

man,i guess if you can't access the forum or it's showing error "nginx" or the site just become too slow it's because of the forum just got too many traffic or i say it too crowded,and it's just a common thing on the popular site having this kind of problem

i don't know what that nginx is but it is probably some teouble with the database and the fact that it can't be accessed sometimes. and it can have many different types of problems from a server crash to overload and even DDoS which is happening in the last two days according to Theymos here:
https://bitcointalk.org/index.php?topic=1609071.msg16159103#msg16159103
although i don't know why OP has brought this old news about the database hack up, it is so old!

Hmmm... if this was true the admins woud put some notification about it and warn usres to change the password. At least I think they would. If this really happened and no one hasn't told us anything that is a huge problem. If it's a joke, it's not funny one.

well if theymos just stated that there's DDOS,so nothing to be worried about,it's just remind me few months ago that there's warning to changing password due to database leaked,so i conclude that the problem that occur to this forum for few days just a common problem so i think it'll be alright

The last time I checked, it was $10 per account, and the listing said they were compromised accounts. They had 300k+ sales which is on the really high end (In contrast, a tab of really potent acid would have 2-3k sales which is also high)

$10 for a hacked account :O

i bet 90% of those accounts are either dead accounts like a newbie who created a throwaway account to ask a question here with a 123 password or if it is not they have already changed their password.

and just to be safer you can change it now too, and set a strong long password with enough random characters.

ahahah, I never thought that someone could take account in this forum. Because I see that bitcointalk has a very good performance and reliable. It was proven with the update and also never complaints against bitcointalk about the site down or in ddos or hacking exposed. So it is just a person's luck in guessing passwords