|
Title: Forum database compromised? Post by: kano on October 04, 2016, 08:43:09 AM I take it that in one of the recent forum ddos's the database was hacked?
I have an email address that is only here on the forum and no where else. Yesterday I received spam to that email address, and the spam was bitcoin related. My email is (and always has been) hidden. Thus the only reason this would happen would be one of: 1) Someone guessed my forum email address (unlikely) 2) the forum database was compromised. Most of the spam email header: Code: Return-Path: <nzcaurwhl@inc-hack.su> Title: Re: Forum database compromised? Post by: SaltySpitoon on October 04, 2016, 09:00:25 AM To my knowledge, the recent DDOS attacks were just annoying. I haven't heard anything from Theymos about a security breach or potential security breach. If one had happened, or even if there was the slightest suspicion that someone could have gained access to any forum private information, Theymos would have warned everyone and asked that they changed their account details.
Title: Re: Forum database compromised? Post by: altcoinhosting on October 04, 2016, 09:04:11 AM A DDOS has nothing to do with potential security breaches... The "hackers" just send so many requests a service stops responding... Hence the name "Distributed Denial Of Service" ;)
Stealing database information is something completely different, and since Theymos only reported a DDOS, i don't think there should be a problem. The database was leaked over a year ago tough... Do you still have the same email on file as you did a year ago? If this is the case, they just might be started sending spam emails to the database they got back then (but this is old news). Title: Re: Forum database compromised? Post by: A! on October 04, 2016, 09:13:31 AM When you started using your email? It is a general knowledge that the forum database was compromised a couple of times in the past.
Title: Re: Forum database compromised? Post by: BitHodler on October 04, 2016, 10:29:09 AM If they got your email due to to database being hacked, then they most likely would mass send their spam to extend their possible reach.
So far I have not received any email spam since the very beginning of me joining here. What also happens is that spam mail bots simply send out made up emails to people in the hope they guess them right. For example, they send emails to fatjoe1@outlook.cok fatjoe2@outlook.com and the list goes on. All in the hope that one or more of these mails are guessed correctly. Title: Re: Forum database compromised? Post by: kano on October 04, 2016, 10:36:11 AM If they got your email due to to database being hacked, then they most likely would mass send their spam to extend their possible reach. Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts.So far I have not received any email spam since the very beginning of me joining here. What also happens is that spam mail bots simply send out made up emails to people in the hope they guess them right. For example, they send emails to fatjoe1@outlook.cok fatjoe2@outlook.com and the list goes on. All in the hope that one or more of these mails are guessed correctly. However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it. But yes my comment about DDoS was of course implying that it wasn't :) Ah well, I have about 700 email addresses for this reason, time to close this one and create another new one ... ... and I've again received that spam twice more in the last couple of hours :P Title: Re: Forum database compromised? Post by: DarkStar_ on October 04, 2016, 01:54:02 PM Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts. If you have had the email on your bitcointalk profile (even hidden counts), than it was probably in the forum data breach from 2015. I don't think it was very easily obtainable/required a payment to get it until recently, since I've noticed that sites like leakedsource have added the database. I suggest searching your email up in https://www.leakedsource.com/ and see if it is from that leak.However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it. Title: Re: Forum database compromised? Post by: deisik on October 04, 2016, 03:26:08 PM If they got your email due to to database being hacked, then they most likely would mass send their spam to extend their possible reach. Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts.So far I have not received any email spam since the very beginning of me joining here. What also happens is that spam mail bots simply send out made up emails to people in the hope they guess them right. For example, they send emails to fatjoe1@outlook.cok fatjoe2@outlook.com and the list goes on. All in the hope that one or more of these mails are guessed correctly. However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it If you run your own mail servers, could one of them get compromised somehow giving out your email addresses? Also, are you absolutely sure that you didn't share this email somewhere yourself? I've seen a lot of cases when people did something and then honestly claimed that they didn't do that only to get greatly surprised to find out later that it was actually them... How old are you? Just kidding, lol Title: Re: Forum database compromised? Post by: kano on October 05, 2016, 03:28:54 AM If they got your email due to to database being hacked, then they most likely would mass send their spam to extend their possible reach. Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts.So far I have not received any email spam since the very beginning of me joining here. What also happens is that spam mail bots simply send out made up emails to people in the hope they guess them right. For example, they send emails to fatjoe1@outlook.cok fatjoe2@outlook.com and the list goes on. All in the hope that one or more of these mails are guessed correctly. However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it If you run your own mail servers, could one of them get compromised somehow giving out your email addresses? Also, are you absolutely sure that you didn't share this email somewhere yourself? I've seen a lot of cases when people did something and then honestly claimed that they didn't do that only to get greatly surprised to find out later that it was actually them... How old are you? Just kidding, lol I did once have a computer at home running linux, compromised once ... back around 1998. Lulz I guess you mistakenly give your email address out :P As I said above, I have over 700 (with many domains I own), coz each one only gets given to one place. Helps with spam a lot - easy to delete one email address without affecting anything else - and know who was compromised. I had 3 addresses on adobe and yep those 3 got spam soon after adobe was compromised a while back. I had one on the bfl web site that got spam, though they probably sold the email list :P Probably had half a dozen places in the last 5 years where the sites have either been compromised or given out their address list ... But fortunately in each case I simply have to delete the address with zero care. I keep a few very old addresses that get spam, for filter training - they get something of the order of 500 spam messages each day. Title: Re: Forum database compromised? Post by: Zosuda on October 05, 2016, 07:18:28 AM ddos attack and they stole accounts thats impossible right?
Title: Re: Forum database compromised? Post by: vino.gcs on October 05, 2016, 07:36:11 AM D-DOS has nothing to do with database compromise. D-DOS is just trick of newbies to try to overflow the server's bandwidth. It's not even level 1 security breach.
Title: Re: Forum database compromised? Post by: justspare on October 05, 2016, 10:08:31 AM To my knowledge, the recent DDOS attacks were just annoying. I haven't heard anything from Theymos about a security breach or potential security breach. If one had happened, or even if there was the slightest suspicion that someone could have gained access to any forum private information, Theymos would have warned everyone and asked that they changed their account details. So it's just people trying to be idiots and annoy the people on this forum. If there was no security threat then I don't even know why we are talking about it.Title: Re: Forum database compromised? Post by: ryanc on October 05, 2016, 02:18:23 PM I am also seeing this. I use a unique email address that is a long string of random alphanumeric characters - too many to guess. It was added to my bitcoin talk account February 2013.
One from "BitCoin-Carrding" admin@ink-hack.su, and just now 'Eden Smizaski invited you to view the file "WorldPay_Trade_Report_-_ September 2016.zip" on Dropbox.' which is a zipfile full of nasty obfuscated javascript. Title: Re: Forum database compromised? Post by: maurits150 on October 05, 2016, 02:26:52 PM I am also seeing this. I use a unique email address that is a long string of random alphanumeric characters - too many to guess. It was added to my bitcoin talk account February 2013. One from "BitCoin-Carrding" admin@ink-hack.su, and just now 'Eden Smizaski invited you to view the file "WorldPay_Trade_Report_-_ September 2016.zip" on Dropbox.' which is a zipfile full of nasty obfuscated javascript. Can confirm, got the same email to a 100% unique email address. I can guarantee you that this email was not used anywhere else. Database was definitely compromised. (probably the 2015 hack) and finally spreading now. https://maurits.tv/data/img/October%202016/2016-10-05_16-24-56_Gca8ETgZXI.png Title: Re: Forum database compromised? Post by: Atomicat on October 05, 2016, 02:47:04 PM It is always a good practice to change your password if you believe that the forum database was compromised.
IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised. Title: Re: Forum database compromised? Post by: ryanc on October 05, 2016, 03:08:21 PM IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised. That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default. Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow). Title: Re: Forum database compromised? Post by: Atomicat on October 05, 2016, 03:22:09 PM IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised. That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default. Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow). Its highly probable that Theymos reset the passwords of accounts without salt too or accounts using the old hashing algorithm. Title: Re: Forum database compromised? Post by: SaltySpitoon on October 05, 2016, 03:39:48 PM This is all in relation to the 2015 database leak, there hasn't been any compromise lately:
Quote from: theymos Passwords are hashed with 7500 rounds of sha256crypt and a unique salt per password (roughly equivalent to bcrypt with work=12.8). This is very strong. But nothing's going to stop extremely weak passwords from being broken. Theymos has mentioned the possibility that other Bitcoin related sites and services may have had their databases leaked as well, and those with the same emails and passwords as here would have been compromised. As he said above, the passwords are encrypted pretty well. Title: Re: Forum database compromised? Post by: Decoded on October 06, 2016, 04:11:42 AM IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised. That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default. Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow). I remember Theymos saying somewhere that he heavily invested (40 bitcoin) in setting up extremely strong password hashing. Passwords defenitely not stored in plaintext, then :) Title: Re: Forum database compromised? Post by: ryanc on October 06, 2016, 02:08:00 PM Overnight, I got the same email to both my butterfly labs email address and bitcointalk address.
Title: Re: Forum database compromised? Post by: Windpower on October 07, 2016, 04:46:33 AM IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised. That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default. Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow). I remember Theymos saying somewhere that he heavily invested (40 bitcoin) in setting up extremely strong password hashing. Passwords defenitely not stored in plaintext, then :) Title: Re: Forum database compromised? Post by: altcoinhosting on October 07, 2016, 05:29:47 AM Well thank god for that. The email that I use for this forum is my main email and I would really hate if that started to get a load of spam messages from advertising companies. The passwords went trough a strong hashing algorithm, the emails are probably stored in plain text... I've never seen anybody encrypt emails for things like a forum.... So, expect some spam in your main mailbox :( Title: Re: Forum database compromised? Post by: Gleb Gamow on October 07, 2016, 07:37:27 AM Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts. If you have had the email on your bitcointalk profile (even hidden counts), than it was probably in the forum data breach from 2015. I don't think it was very easily obtainable/required a payment to get it until recently, since I've noticed that sites like leakedsource have added the database. I suggest searching your email up in https://www.leakedsource.com/ and see if it is from that leak.However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it. Sans looking, for I'm ready to hit the hay, I think I have a copy of that dump. Title: Re: Forum database compromised? Post by: crptoarch on October 10, 2016, 01:50:07 AM Sans looking, for I'm ready to hit the hay, I think I have a copy of that dump. Yes nothing says scammer and liar like keeping a copy of a dumped hacked database. Oh wait yes something else does say scamming liar like that, and it is, https://bitcointalk.org/index.php?topic=1012713.msg11266264#msg11266264 The true Gleb for all to see. Title: Re: Forum database compromised? Post by: epitome on October 10, 2016, 08:02:04 AM i did not receive any spam in the mail i registered here,when was the forum compromised ,do we all need to change the password now.
Title: Re: Forum database compromised? Post by: minifrij on October 10, 2016, 09:20:27 AM i did not receive any spam in the mail i registered here,when was the forum compromised ,do we all need to change the password now. Unless you have another account, you signed up over a year after the database was leaked. Therefore, your email won't have been in the leak.In regards to changing your password, you should change your password regularly anyway. If you haven't changed it in a while, you can do it now. Title: Re: Forum database compromised? Post by: btvGainer on October 10, 2016, 09:46:39 PM To my knowledge, the recent DDOS attacks were just annoying. I haven't heard anything from Theymos about a security breach or potential security breach. If one had happened, or even if there was the slightest suspicion that someone could have gained access to any forum private information, Theymos would have warned everyone and asked that they changed their account details. Totally agree with you.If there eas any kind of data stealing,Theymos would be the first person to know about that and he would have warned us.Moreover if hackers had info about our accounts,they would have sold most of high rank accountsTitle: Re: Forum database compromised? Post by: botija on October 11, 2016, 06:39:51 AM That's exactly where I'm getting my spam email, "Bitcoin Market." It really sucked seeing that my email was now getting spam. So I'm guessing it was from that compromise. Were the emails encrypted?
Title: Re: Forum database compromised? Post by: minifrij on October 11, 2016, 08:10:56 AM Where the emails encrypted? I don't believe so. In the email concerning the hack theymos said that our Email addresses were "likely leaked". I assume that this means they were stored in plain text.Title: Re: Forum database compromised? Post by: botija on October 11, 2016, 08:26:19 AM Where the emails encrypted? I don't believe so. In the email concerning the hack theymos said that our Email addresses were "likely leaked". I assume that this means they were stored in plain text.I'm so embarrassed that I wrote "where." So basically someone paid 1 BTC to spam us. That's so freaking lame. Someone made a 1 BTC profit at the expense of us. Title: Re: Forum database compromised? Post by: nagnagnag on October 11, 2016, 10:37:15 AM can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site.
Title: Re: Forum database compromised? Post by: Xiangsai on October 11, 2016, 12:28:01 PM Hi there,
i also get Spam since last week, my adress too was only known to this board. interesting is that i got spam on that adress last week for the first time. i would recommend to send another roundmail since the phished adresses now are beeing spammed. Greetings Title: Re: Forum database compromised? Post by: botija on October 12, 2016, 12:49:23 AM can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site. I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post? :o Title: Re: Forum database compromised? Post by: Atomicat on October 12, 2016, 04:35:02 AM can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site. I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post? :o Title: Re: Forum database compromised? Post by: botija on October 22, 2016, 02:58:57 AM can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site. I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post? :o I know this was 10 days ago, but it really is weird. I wonder what's the story behind it. Title: Re: Forum database compromised? Post by: notlist3d on October 22, 2016, 03:49:16 PM Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts. If you have had the email on your bitcointalk profile (even hidden counts), than it was probably in the forum data breach from 2015. I don't think it was very easily obtainable/required a payment to get it until recently, since I've noticed that sites like leakedsource have added the database. I suggest searching your email up in https://www.leakedsource.com/ and see if it is from that leak.However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it. I think this is likely the source if he had it so long. As I don't know if we really know what they did with the DB at this point. I remember them logging into inactive accounts like Mt. Gox and such trolling. At the time I was curious how much info they got and mentioned something about them being a scypt kiddie or something in META and asked to impress me and give my IP. They were able to do it at the time.... So I don't know what all data got out but know my IP at the time was part of it. I hope no new hacks like that one have happened. |
