Bitcoin Forum

As a dice site owner (SAFEDICE.COM (http://SAFEDICE.COM)), recently I noticed on my log that there were many failed sign in attempts ( thousand of them ). Those failed attempts were using a username that does not exists on our database. However, there were also many correct attempts, probably around 20% of them.

This is not a brute force attack, since each trial use a different combination of username and password. Not to mention that brute force attack will be rejected by our server. the attacker seems to have a list of username and password, this make it difficult for me to differentiate between an attack and normal login. I have a strong suspicion that the list was acquired from another bitcoin site.

To all of you concerned with the safety of your account, whether its on SafeDice or another site, please always use 2FA and different password for each site.

I have just created a tool for SafeDice users to check if there was suspicious login attempt on their account. You can type /amisafe in the chat room, the server will reply you with the result. For those of you just want to check your username, you can just sign up and check immediately.

Again I strongly encourage everyone in bitcoin community to use 2FA whenever possible, and if there is any other bitcoin site owner has information about this please share this information.

Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

You can use ip to verify if those accounts were opened from the ip user most often use to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email or lock that account and post a notification on your site that any user who's account locked can contact you or support to get them unlock with some details like email or btc address he oftenly withdraws to.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot : "Bitsler bot 2017" or "Primedice bot 2017"or other bots DO NOT DO IT.

 or
 
-  Put their nickname/username in tis fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,


EDIT : These username/password combinations are not leaked, they are stolen. Only a player knows the password of his/her account and no one else(including staff because all passwords are encrypted), unless if these scam scripts/sites that steal a players information are being used, then the list will keep on growing

Bitsler will be releasing a planned update soon that will add more security futures and options for players to better protect themselves, but in the end it is up to the user to secure his/her account with the tools provided. It is advised that all players update their passwords, use 2FA if able, and not use random scripts from strangers or websites guaranteeing "100% winning results" because they are lies used to attract people that are new to gambling.

I don't store plain text password, and the encryption that I use is invulnerable to rainbow attack. My theory is that the breached service ( it doesn't have to be dice / casino site ) is not a new service, it has more than 10k active bitcoin users. One of the potentially breached account was from an old user of Safedice that I know, this is the reason of my concern.

So far I don't think there was any report linked to this case. I think most of the breached account that does not use 2FA has very low balance.



I considered this one, but I prefer our users to be anonymous. I have disabled withdrawal for suspicious account.


I don't want to accuse anyone , I'll leave any judgement to the community

Dear Bitsler admin,

Why you keep lying to your clients? 200 accounts, really?

I send you another 3k accounts :)

Link: https://pastebin.com/UqeswH7N

If anyone is interested, i'm willing to sell 35k user accounts for bitsler website.

Pm if you are interested in buying.

~

i really appreciate with that tool,but maybe for more better and safe.
i think you should be added email section for safe in future :) just advice.
because ur site name is safedice,right? :)
gracias

That would also be nice and i think that makes it more safer than ever. As for me I am currently using different types of passwords from my accounts and sometimes when it has 2FA I am using it for security purposes. Sometimes i always forgot my passwords but luckily i have back-up email address where i can request for a new one which is a password that i can remember easily, as what they have suggested its also good to have or to add email because maybe one day it can be use.

Could very well be from the Bitcointalk leak

Could be, but it is less likely to be.

Bitcointalk breach was quite long time ago, if I remember well it was in May 2015. Why someone would be waiting so long to use this database just now?
And it is safe to assume that every active Bitcointalk user changed password since that time.

That certainly is a possibility.Considering bitsler uses shill accounts to upvote their polls and often requests newbie  shill accounts to praise their website to get the traffic,it's pretty much possible for them to do whatever it takes to let their competition down.
@safedice,how your tool works ? How does it cross verify if the accounts are actually hacked ?

Is that the maintenance you're currently performing?

This is the planned maintenance yes.

I don't know whether these accounts belong to bitsler or not because only admin can confirm or account owners of these accounts can confirm. But the site has given to secure your account with 2fa function then users should use it to protect their account. If any of these security breaches happen still your account will be safe. Always be safe in online.

Anyway bitsler admin already updating site and our accounts we will be more safer now onwards.

Thank you for providing us this very vital news/information regarding the malicious attempt to your site. It is always good when an owner of a dice site (or any other bitcoin-related site) comes to public to provide very important information about its user's safety regarding its account. This just proves that these owners are very serious regarding their website's security and take responsibility to whatever happens in their site and their userbase.

Also, it will be good if the admin comes to know these kinds of things then should immediately ask their users to change passwords to protect their accounts. Whether accounts are hacked or not all accounts will be safe after they change a password. The site looks like still under maintenance.

What is the use of these accounts,you might have created all these accounts using a bot  :P and if there were real accounts we could have seen more complaints from people that they lost funds and so on,since we have not heard from anyone,it is all just dump accounts,you can just shovel it in the dumpster. :P

why you only sell 35k account ?  :-\

yeah i saw few some people with new acc wanna do fake claim about mistake deposit,wd,etc.

'maybe' i know who he's and try make fake claim because he know,no email needed when we register,anyone can make fake claim about mistake site.
that's dangerous for site also all member

probably bitsler will force users to change password on next login, but still that's a huge leak.  :o

Oh my, this is big! This could potentially be a big issue in the future and will become headlines for sure! If even only 5% of those logins goes in any site that holds any bitcoins, be it gambling sites, online wallets, etc., the hackers will likely be able to steal large amounts of bitcoins for sure. This should be publicly announced in the forum!

since i was one more way hacked by Robertt here, i have decided to change the password to a very long one, and in which the combination is far harder than cracking the bitcoin private key. with this measure, i recently changed most of my important accounts' passwords.

none in his right mind uses two same passwords on two different sites
I don't think it is a legit Bitsler database dump anyways,but even if it is ,the hackers will try to login to every gambling or exchange site
they find and then will try to sell the useless database
but this could be big if you neglect security measures and have one password for every site you use or keep coins online when you have finished trading or gambling

If the hacker is smart enough he will always wait for sometime to cool down the matter and then only will proceed to sell the account and that is what he is doing now.

It's not possible to use different passwords for all different websites for some people. (unless they use a password manager)
They would end up forgetting the majority of them.

A better solution would be to use unique passwords on important websites, such as email - social media etc. And the same password or a few passwords on less important ones.
Of course, 2FA is a necessity at this point.

The best way to avoid big losses users shouldn't use the same set of user id and passwords to all gambling sites and other places as well. If one can't remember so many things then at lease shouldn't use same user ids everywhere. At least now immediately start changing all your account passwords.

it is not only possible-it is imperative that one uses only unique passwords
password managers are free and can be installed in one click
well,there is a risk of the password managers themselves getting hacked,but this is a whole different level of threat
also if the user:login in plain raw text I don't think its Bitslers or any other gambling site's database-they store paswords in salted hashes
(at least they should do) and it is pretty useless to steal those as they can't be deciphered easily

Yeah, everyone should be careful, better to change your password periodically and use long combination password.
We know this is big problem from a gambling site and they need to upgrade their security systems, but how could the thief try to login into another site, hope get some dumb people who use same account name and password in every site. We've learned the lesson here, thanks for safedice for sharing information :)

although i am gradually scrambling my password in where i have an account there, all the username in the various sites of me are identical for the prevention of false impersonation. :P

as a first line of defense its high time we make an effort to protect our funds and accounts by preventing this from happening using
the above suggestions as it would really go a long way.


It would also help if gambling sites that can be accessed through bots make it mandatory to prompt users to change passwords after
a certain number of days by email verification to protect their users accounts!

Everything is rigged! I am thinking only about security! I have 2fa on every website I'm using!

Still,  I started a few days ago a topic that localbitcoins and my bitfinex account were broken! Luckily I had time to buy a new laptop (please don't ask bullshits, i have a shop over my house) and to transfer all my funds to a bitcoind.

We all must figure out what the fuck is happening.

That is why most sites would put some disclaimers saying " do not use the same password from other sites". Its obvious that plenty would assume, claim or impersonate you most likely if you are already in high position or what other matters. Some hackers would just like to take revenge and try to bring you down to scratches while some of it will just play some pranks on you depending on his mental reasoning.

Lol if he didn't tell you then the whole name safe dice would kind of mean nothing now wouldn't it? It sounds like someone has hacked another gambling website and these are people that are using the same username and password combinations. It could even just be another casino that didn't want to make it look like they were ripping off their own clients so they went to another casino to do it. Either way I'd like to know if there is any evidence as to who is behind these attacks at this point?

Bitsler was hacked, and the vulnerability is not fixed yet. Big amount of accounts are being compromised.

Also, the admin lied on the amount of the accounts leaked, he said that only 200 acounts were compromised when there are leaks with over 20k accounts. Also, there are one leak with over 3k accounts in this thread. (https://pastebin.com/UqeswH7N)

Would you trust in this admin? It's your choice.

~

WTF HERE IS MY ACCOUNT...

But what if you use the 2fa ?!!! 

Omg I know it safedice is a really bad example of dice site,it have poor promotions,very low faucet and it is easy to hack this site pfff.

my wife already know my pass :/

explicitly. however. in order to prevent people from misunderstanding you, when you create an account, better choose the same username as you ar using. once again, as long as your passwords are unique with those sites' accounts, there are nothing need to worry, one more thing, better use two factor authentication if needed.

Looks like there is some who collected data from other hack site or other gambling casino site where we register before..
I have  a bad experience but in trading site like in poloniex that the same as i use in other site there are suspecious login attempts in my account and i think they already login to my account because of the reply from poloniex.. also experience in other gambling casino.. That is why i am always use the 2fa best solution for those who are experience login or attack from hackers.

Yes and this why your password will never be the same from different sites, because most of us are using the same username that we register from other sites before so we wont be bother or forget what our username is.

It is really  necessary to make an action before its too late, its because before we might not even know if the site where we registered are ponzi or scam and just because we are just too relaxed and unaware about it, we didn't recognized if it is already a phishing scene.

First, i did not share the link you said.
Second, do you think that link would harvest over 300k logins? Because i do own well over 300k accounts.
Third i'm getting these accounts by exploiting a critical vulnerability on Bitlser website.

~CoolnCool

Yeah and its also advisable to the most of the sites that i have encountered so far. Any username could be shared publicly but its an opposite thing when it comes to passwords, it should be an anonymous one.

How will you get your privacy if you can't even protect your account to some hackers? Hackers have always plan on something so for us to be secure we need some countermeasures to apply in order to protect our privacy.

You should be safe, always use different passwords for different sites.

They're always running promotion lol (.5% house edge).  they're not hacked and it's not easy to hack them.

thanks for the heads up safedice.  :)

It is well secured and guaranteed so the clients may sit back and just relax and play.

If they lost their passwords because they were clicking on phishing site or because they used some kind of shady bot than they should blame only themselves.

Thanks a lot for your suggestion. I often do not use 2fa for other sites like gambling but after hearing that I now think that I will also start that for my gambling sites as at there my money is sometime kept and it will be not good for me if someone else take away that money from me.

Keep Your Account SECURE!

After you set up your account, the first thing you should do is to keep your account secure, and I can't emphasize this enough! Here are some things you should do to keep hackers at bay:
 MUST DO: 2FA on both exchange and email account. Once this is done, you should not be able to get compromised, except in rare cases such as sim-jacking. Highly suggest using Google Authenticator / Authy type of 2FA, instead of SMS 2FA which is susceptible to sim-jacking with some social engineering and one lazy telco service operator customer care assistant.
MUST DO: Use strong passwords; minimum 20 characters with a mix of upper- and lower-case letters, numbers, and characters.
Optional: Use a separate email address for Bitcoin and cryptocurrency only.

Although you are using the same password, if you have 2FA on your account, I think every site that you played will be guarantee secure. But nowadays I believe everyone already put their 2FA to secure their account and they even put some email verification to make sure hacker wont be able to hack their account. But since people play on many sites they usually do not use this email verification because of it is too complicated

maybe i have solution if ppl dont want enabled 2FA,maybe site must be added email,so confirmation login via email to verification to login,like rollin.io and bitdice.so we can track our log.
actually it simple but very safe,so no one access with brute force,etc

so far many ppl want to fake claim.
my experience playing on safedice is very safe and better than another dice,because faster and lite site

i've read,2fa available on extension browser,you can used that featured

Thank you safedice for letting us know about it. These type of attacks are getting more these days and safeguarding your password is rather complicated. I would suggest using a password manager and use encrypted passwords.

................................................................
First, i did not share the link you said.
- i think i found this link on your post on forum  (https://pastebin.com/UqeswH7N)
- this link i found on Bistler-Baryom chat timeline ( giveaway https://freebitslerbtc.000webhostapp.com/index.html  )
- i would like to know if you know anything about the giveaway link is it harvester of loginsor just fake homepage

Second, do you think that link would harvest over 300k logins? Because i do own well over 300k accounts.
-well, i doubt you could do it by giveaway fake link, that is why i asked you how you have collected 300K logins that you are offering to sell
- for me is motivation to learn about securing sites and hacking them, as maybe civilisation will choose divine path and i need experience for that
- my question was with the aim to discover, was it really hacking giveaway link or it was joke of Baryom to attract naive users to use it and be banned!
Third i'm getting these accounts by exploiting a critical vulnerability on Bitlser website.
- yes, you helped us all to see that our accounts were exposed to any hacker, not protected by 4 admins of Bitsler
- Bitsler's accounts are now secured, so no hacker can steal accounts, it is exclusive rights of admins of Bitsler, and they can steal faucets, too!
............................................................. probably we need to learn abot this work:
transcendence
almighty god < evolution <- aesthetics <-> goodness - > moralology -> secular god
technology <<-perfect<best<better<good>goodier>goodiest>divine ->> morality
.... profanists<genitalists<scum<scam</>spam>slam>genialists>divinists ....
experience
............................................................. these are my assumptions after my efforts

you mean i can download extension and that i can use it over e-mail address as i have no mobile, facebook is locking my accounts one by one 13 of them, because i have not mobile, they want my KYC maybe, some of us have not MOBILE, they think we must have ...lol .. haha, ... they want to say: "if you have not mobile then you are not you" ... correct! .. seem they take us as clients (customers and consumers), but we are USERS (onliners and clickers).
.................................................
.............................................
Breach was from Bitsler leak of 3000 logins! It could very well be from the Bitcointalk leak, too!
Bitcointalk breach was quite long time ago, if I remember well it was in May 2015. Two years ago .... !
Why someone would be waiting so long to use this database just now and here. Maybe witsie73's case on Bitsler site has revealed all of that?
Witsie73 account was banned a month ago due to posting that giveaway fake link in chat of bitsler. But, there are still fake bots. Fake hackers! Okay!
But witsie was good and naive though not primitive, it teaches us all! That was highly sophisticated move from witsie. Now we know much much more!
..............................................
The Bitsler's admin stole focets from chat banned users! Could be, but it is less likely to be. Why someone would steal money from negative accounts?
Coolncool has some motivation to inspect vulnerability of bitsler's safety measures! Hacker has to find who has positive account to plunder his money!
Even hr Delvaux put his profit on "private" same done at our honorable and proud admin Baryom account who stole faucet from witsie73 for 1 year!
And it is safe too, assume that every active Bitcointalk user changed password since that time.
Plus new safety and security measures implemented with latest updates!
................................................

Thanks for the update and posting this here. You could always just ignore it and it will be the user problem for being careless.
It seems like someone wants some free coins without any hard work.
Users should use a strong kind of password if they want it safer.
I recommend to not use passwords from your social media accounts also. There have been a lot of news on how easy this people could just hack on anything under the social media pages.

Facebook is locking my accounts one by one, 13 of them, because i have not mobile, they want my KYC (know your customer) maybe. Some of us have not MOBILE.
But, they think we must have. They want to say: "if you have not mobile then you are not you" ... correct! It seems that they take us as clients (customers and consumers), but we are USERS (onliners and clickers). But, after some latest of my problems on dice sites I see that we can log in over Facebook and Twitter and other Social Media and maybe that is why they ask additional safety over 2Fa and mobile, to fight back the hackers who can profit us! But, okay, it has to be optional: if you want more safety, well, secure it more!
However, the principles and procedures from real offline (mundane) life should adapt to our virtual online (divine) principles (styles and methods). Why i say divine for online sphere? Because I am considering Internet as a temple while some others are taking it as T&T, mainly! I mean trade and tradition!

This is just getting ridiculsous. Bitsler should come out and say whether they were hacked or not. If they avoid it and people get their BTC stolen from Bitsler or other websites where they used the same passwords people will be pissed off.

Going to make an account on Safedice.com and see if my account is there. Thanks for the tool to search our usernames.

You can always open a thread in scam accusation if you think they are cheating players with excuses of some hacks. Baryom(bitsler admin) looks like trusted member but anything can happen so lets find out the truth.

@riorondon1234 the way you construct your post is way too confusing for me to understand.
You are copying fragments of people's posts without proper quotation mark, so I have no idea which part is your own and which one is something others wrote.

@adaseb it is standard business practice, if company's system was breached/infected and there is no definitive proof, they will be denying that fact as long as they could.

Hi .... slarkier ... yes .... try to adapt to such a style of my new writing on forum .... i am learning and creating at the same time .... see, i adapt names and words in my sentences for some higher purposes ....  you will understand it maybe after i understand what i am writing .... lol .... ah, quotations are for me limitation, maybe, or i need  some more freedom for my constructions of the posts .... yeah, to keep minimum reputation sites will deny their leaks or failures to protect users, so long as they find it lucrative ... however, we have to improve our general position online, as users, .... owners are to earn and we are to play ... but, we need some technical and moral protections and recourse if owners are too intrusive or aggressive ....!

Ooops it may be his own style but you know, quote is also necessary here and it is very useful form of communication its because it will highlight the posts of somebody you wanted to share your ideas like agree or disagree and give some advices.

Anyway its not a big deal on how you construct your post, but if it can be change make it clearer so readers would also understand and read it easily.

thanks for your observation and suggestions, but, you are right and i am correct, i use quotes often, sometimes i correct them for syntax and spelling, sometimes i delete emoticons from them, yeah, i can not create under pressure or limitations of the quotes, though they are useful, we are forum, not university, we need lot of exploring and experiments, this is a new virtual sphere, if you leave it to the reals, haha, they will steal even your faucets .. lol .. last faucet they stole from me is on pocketdice .... 4 hours ago, 4100 sts per 10 min, ... how ... they put your withdrawal on manual and you can not use faucet .... must cancel wd and go back to lose your winning of 0.001 btc per 7 days ... fees are 30% .. haha ... bitsler bans you on chat and steal your faucet rights ... lol .. thanks anyway ... see you

OMG..."The hackers will likely be able to steal large amounts of bitcoins for sure. This should be publicly announced in the forum!"

I agree with that statement. Do quickly something about this common issue. I already changed password+email combination. Anyway thanks for info!

I've also been getting some notifications of people trying to access my account on Crypto-games via the password recovery...
Just changed my passwords to be sure and will enable 2FA.

Of course we can open a thread for scam accusations for suspected cheating players who might done hacking just to win for the gamblig game. The bitsler admin should be promt in supporting the concerns being raised by those affected players by those attackers, and profit loss has been happening already. Everybody shoul support in the forum and must report all of this issue so that this must be addressed diectly to the site admins and immediate action will be implemented. This is a serious concern that need attention and we must help each other for the benefit of everyone.

Maybe people needs to read it again!


Bitsler is a site that gets its popularity quickly and it's no wonder if there are some people who of course do not like it.

Bitsler has elements of scum and scam! They do not spam, they ban! When they ban you they steal your faucet money! They ban you, they do not ignore you! Why? Ask them! Can you ignore them? No! Why? Ask them! You can ban them by banning yourself from visiting that site! We are angry and we spam to fight that scum and scam so that we can reach super-grand slam! Only scum will tell you that you spam! They are adults from real life and owners of the sites! We are kids from virtual life and users on the sites! They will treat us as clients (customers and consumers)! But, we are online users! They say chat is their private property. We say chat is our universal right! For them chat is privilege, for us chat is right! What to do? I see only exit in implementing our users money and creating our users sites. If we leave the real adults owners to dominate our virtual sphere they will turn to perfidious and morbid predators. Simply, we have to protect and defend our virtual culture against intrusion and aggression from real culture! Thanks!
 

This is also one of my problems even in different sites and accounts, I always receive from my support email that my account has been log-in from another browser which has different IP as I am using right now.

I'm just wondering how could it happen since I'm using 2FA when its possible, maybe its just a bug or just my support email just have a problem.

Without 2FA it is impossible to enter account. Mail notifications is another lay of security if you dont welcome "unknown guests". Just my two cent: Till next time change mail password and dont use same password for other accounts.

2FA becomes helpless if your email id is hacked and that's what the hackers are doing these days with phishing links.I'd not even consider email authenticate as a safe 2fa measure.Phone Verification gives an extra protective layer,something off the internet and resistant to all possible attacks.

If I understand this well, let us assume that they steal our passwords but when it comes to login our account, this is the possible thing that happens. First if the site has email protection then they can't login through this because it need some verification. Second if you already put 2FA then they can' login it because the only one that have 2FA verification is you yourselves

So my point here is they only get your id and password well but if they do not have any access to our security, let me called it the second layer or even third layer, I do not think that they can get into out account hack it

This is the main purpose of 2fa or extra layers of security because even the site know our log-in information but they dont have access on the second one then theres no point of being getting hacked.Ive been thinking if a certain gambling site could able to disable to 2fa?To fully gain access on the account,oh i forgot you still need to log-in again when you do try to change the settings of 2fa.

Good thing I put 2fa on all of my accounts. This isn't good news for crypto gamblers and other users who use the same usernames and passwords over and over again, totally a great threat to us all. Well, everybody should really take precaution on their accounts, 2fa might be your last layer of protection, so do a little work on it guys.

seems like not only safedice , crypto-games etc login attempts . i got notification on my email too about someone trying to access my account. and i found thousands email/username & password list leaked on darkweb they claiming it was bitcointalk database when the website got hacked back in 2015 ago.

i think that is the reason why there a lot of failed login attempt, they are targeting bitcoin sites as they have a username&password list that come from hacked bitcointalk database.

The list doesn't have the password. They've the encrypted hash.Remember : The password stored in the databases is never plain text,it's hashed so you can never retrieve it back in the original form.Definitely also depends on the type of encryption used.If you try to decode from the encrypted hash using one of the online tools,only common password like "password","123456789" can be retrieved back.That's why it's always safe to use a complicated password.

Mate, calm down, actually what the heck happened to you? You got ban from bitsler and you are saying they steal your faucets? AFAIK, they never ban their members if they didn't broke any their rules.
2FA and email notification are important things which should be implemented in any gambling sites, and i agree with you if those options should be optional too (There are some people who don't want verify from their email each time they login (include me))

---

By the way, why do you have a lot of facebook accounts? lol.

Can anybody who has gotten their user/pass leaked, can you comment where you used that specific pass. This is assuming you used a unique password for all your sites.

I am trying to boil down where the hack could of came from. So far Bitsler admin is denying it saying they salt their information.

i do not know if poloneix is included into the thing that you mentioned or not. Everytime i checked my email, i have this kind of problems, poloniex always sending me "people keep trying to login into my account using different ip" and i never allowed it, so i think it will be okay as long as you never clicked on that link. And about bitsler, it might never be hacked as i know and Baryom already explained everything right?

my bad , yes you're right . there is a lot of big bitcoin related sites got hacked most of them have a plaintext and only few got hashed. as long as you used 2FA i guess your account strong enough to not get hacked , it was the best protection for your account security .

complicated password sometimes make you forget and people insist prefer to use the easy password to remember.

Baryom (Wiilliam Bitsler) has explained in safedice thread that  there are 2 ways of hacking the bitsler: bots and fake giveaway link .... seuntje bot is allowed as it is not hacking or harvesting our logins .... giveaway link is maybe a joke
but we could learn on it .... so, now our accounts are safe 100% with double layers: 2FA and email notification .... !
I have 2 accounts: witsie73 and brendonen, both are banned for my demanding that updates bring us an option or command: /ignore mod on our chat. OKay, but they deprived me of using faucets. I am losing everyday 1500*20= 30K sts and more!
I can not deposit. I am jobless! So my both accounts are inactive, and, hackers will not attack me, only mods and admins will do that: lol! hahaha ..omg! .. haha . they ban beggars, so they steal beggars possible tips, they ban users so they steal faucets money ... they do not allow us to exchange our refids so the steal our referrals commissions ... ! Still, bitsler is the best and goodiest site online in focus now!

This is common practice now. Primedice which was always pro for faucets is starting to mute people who never made a deposit or who made a deposit a long time ago but still login to just use the faucet.

That and most of those accounts eventually get sold. Apparently they lost like 10 BTC a day due to faucet abusers.

Thanks for letting us know and much more thanks for providing chatbot to check whether someone have tried to login with our usernames. I have tested mine and thankfully I am in safe side till now. Will enable 2fa in every site if possible including gambling platform, trading and web wallets.

Thanks again.  ;)

Yeah the chatbot checker was pretty cool and it's more awesome because it is just a service to the community! Good thing too that my account was safe and I didn't had any problems because my username did not show up. Then again, I still made sure all my bitcoin related accounts were secured and I did changed most of them, especially those that have money.

hi ... thanks .. no probs ... you blocked me for posting my link http://zikalkiszik.blogspot.hr/
you can block me i can not ignore you ... life is such .... can not find referrals anywhere
you must write: no external links in this chat, as you are pasting internal links!
you could ignore me, but you decided to block me, that is choice of stronger weapon
maybe you will unblock me and allow me begging, and ignore me if it is against  rule
however you can check my strategic game on bitcointalk under user "witsie" ... 
name: universal fans strategic game ... thanks .... it is a very promising adventure
fastbets: Do not promote your link on chat at FastBets! Your privilege our right! Okay!
user: you have to know that chats are morally belonging to users and technologically to owners!
try to unban (unmute, unblock) me and then i will beg then you ignore me, for test,
that is to see if we can step forward in moral way as technology is so advanced and so fast
haha .. we will make history today .... fast - history .. lol .... o m g ....
................................

maybe you can considered first before post external link like that

haha .. yes ... they are in competition (technology-owners) ... but we are in co-operation (moralology-users)
chat belongs to us, users, universally and morally ..... technologically and particularly it belongs to them (owners)
we can find the way to reconcile with the command /ignore .... they decide to block us, that is choice of stronger weapon
but, nhhh, they do not use that command, and they disable us to use that command for them ... /ignore mod/admin
... we need to paste our links to our peers and friends .... haha ... not in their shops ... lol .. go to facebook or twitter
.. we can not beg (ask or borrow) they ban us, they do not use /ignore user to ignore us, consider me please and join my quest for goodiest :
http://zikalkiszik.blogspot.hr/

brenderson, you must know that rule of the thumb is: "owners rules rule not that users rules rule"

Recently someone logged into my liqui account but thankfully I didn't had anything there. And I have quickly enabled 2fa in all of my other trading accounts, I suggest everyone to do the same and if possible do it also with your gambling accounts.

Everybody should really be locking their accounts properly with 2fa and using some stricter way of creating their own passwords. For me I use a password manager which generates long random passwords. This way I don't get hacked, unless they would be able to hack my password on the password manager.

I think using password managers are also scary. If it gets hacked or if you are using those with online syncs then if their databases get leaked then you're hacked too. The best is really just to use 2fa as it really is helpful to safeguard your account. I usually just use the same password, just that I make a special character for every site, it worked well for me.

I got a few of these as well. I even posted this in the Bitcoin Discussion section of Bitcointalk and it got ignored.

Basically I have never used Bitsler, and I am getting unauthorized login attempts from somewhere. I am not worried because I use unique passwords for every site and always use 2FA and mostly cold storage my stuff.

However we need to learn where this leak came from, its not from Bitsler. It might be another BCT breach?

Not a BitDice :) We are standing strong. Also all our users are safe from such attack.

Regards,
Alex.

with current bitcoin price skyrocketing there would be a lot of hack attempts to get bitcoin instantly through bitcoin gambling account , recently i have got hundreds loggin attempts to various bitcoin account but not with bitdice, it has strong and unique security system to detecting every single device and ask for verification whenever there's a loggin attempt from different ip or device, i like that style alex, keep it up.

 I got a Pwned email today saying that Edmodo was hacked last month so maybe there is were the leak came from.

However I've never even heard of this site before today and pretty sure I am never used it.

I think what the admin said is correct.
Everyone should change the pass for SD as well as for another website on which similar password was used.

I am experience the same as you but not in liqui account in other trading site like poloniex i was lucky that i out all my funds there due to many complain  about that site..  stop trading immediately..
How they can hack my account i remember there are hackers before here that announce they hack the database of this forum i think roberrt his account name..
And i think he is the one who hack our accounts in other site..

If any accounts are loaded with money then it is better to secure your accounts with 2fa function because if you enable this 2fa function not so easy to hack your account. I usually create an account first but enable my 2fa function before loading any funds to these online sites. Because it is not so easy to change passwords now and then and remember all those passwords so the best way is 2fa function.

It is true that some part of bitcointalk user database was compromised, but that was very long time ago and I haven't used password I have here in other sites. I think hackers have got my details from other random sites that doesn't hashed their user passwords, free webhosting services can easily steal database of sites hosted in their servers as well as site owners himself can also sell this records on darkweb.

I have now developed small formula to have different, unique and strong password for every site I visit. It will be hard for anyone to find out my other passwords even if they know one of my password. However 2FA is ultimate protection we can have right now.

yes .. thanks . good info and insight .... we are of diferent profiles and different motivations
coolncool says that hi is inspecting the vulnerabilityf of the site bitsler i come for morality check
some people protect their accounts against phishing and hacking, i do not, i like my money being stolen
here in forum some people like to make others red trusted some like suffer for others to become green-trusted
but we learn every day .... i see messi2017 needs an escrow where he will deposit his money and bet unprovably fair
i am in stage to find out how to run 5 campaigns simultaneously ( avatar/signature, tweeter and facebook ) as red newbie user
sure, any your suggestion or contribution will make may way easier, i can write 30 posts a day and earn money on this forum
i anted to ask high rollers on bitsler to rent me their faucets, but couldn't reach them, here maybe legendary heroes may be of use
however, contact me if you have any issue online, we can make some move in goodier atmosphere on internet, thanks. see you

We should never keep the same passwords for all our accounts online, that is the first rule of you are online and have accounts which can be compromised.
Thank you for letting us know about it. Newbies should really know these kind of things before investing.

But when you have many accounts to manage and if you keep all different passwords then it will difficult to manage or remember your passwards. For that, the best option is you can still keep the same passwords but always enable 2fa function to your account then no one can go into your account with just your user id and password. 2fa function is very strong and you must use it to protect your accounts online.

Im using the same password on every site i registered on but I make sure that my 2fa is activated so that if there are intruders that will try to breached my password well they will get a hardtime to stole what I have, But I will not recommend to anybody to used the same since I think im so lazy about upon securing my account since I rarely stored some balance on random gambling,exchanger or whatsoever site outthere.

Once if you already secured your account by enabling 2fa feature then no need to worry about the account security. I too keep most of my gambling sites passwords same but I will activate my 2fa before depositing money into these sites. It is not due to laziness but I can't remember so many passwords hence I prefer single password by enabling security feature to secure my account.

Always try to use different passwords for your accounts on different dice sites, with this method, even if one of the dice site did indeed have a security breach by hackers that might have stolen your account details including password, at least all of your other accounts in other dice sites are safe as the hacker would not be able to log into your account on different dice site as you used different password on each site.

For better security on your account, it would be advisable to activate 2fa protection  :)

Sorry for you. But hopefully you have learned your lesson. I'll mention it for the 100th time in this thread. Enable 2fa

To the one who whines about faucet, or the way they ban, read TOS. If you don't agree with the TOS then don't play there.

To safe-dice thank you for the information.

Yes, we need to thank safe dice for opening this topic just to spread awareness. I too got more than 3 emails from crytocurrency exchanges for confirming password reset requests whereas I was not requesting anything like that.
It seems some hackers stole some crypto based data and based on user-names/other credentials, they are trying to log in crypto related services. I guess it is time to reset password with the accounts where we maintain big balances.

Could you please share where you account was hacked and you got habit of having same user name and password for all of your accounts like in gambling sites/exchanges/mining pools ?

Could you please share where you account was hacked and you got habit of having same user name and password for all of your accounts like in gambling sites/exchanges/mining pools ?
[/quote]

My account was hacked in safedice. You can check the story here --> http://imgur.com/a/F4WDf
And yes i had this habit  :(

Happen to me the same  :-[ , not big losses because refund me 0,2 btc stolen in a gambling account .

And yes I had the same password in several sites , not now  :-\

Can you list which sites you had the same password on so we can identify the source of the leak? So far nobody has volunteered to post this info.

Did you use the same password as on Bitcointalk?

Always make sure you change your primary password every few days even if you have 2FA security enabled.
Better to have double even triple security imposed if you want your account secure enough so not to have your funds stolen.
This is only a common sense approach to something everybody should be doing from day one! ;)

Many times we read all these suggestions but we will not take any serious action to protect our account. After learning the mistakes in a hard way then will never do such mistake and as you said it was a small amount still can manage. Now on don't forget to enable your 2fa before adding funds to any of your online accounts.

Not in bitcointalk , password only for bitcoin dices and gambling sites , I can´t make a list because I am registered in most of them

Now change add 2FA and different pass

Would it be possible to change all your passwords and then list which sites you were registered with using the same username/password combo. This way we would be able to track down the leak.

I am pretty sure its not Bitsler which was pointed out earlier in the beginning of this topic.

But on most sites they sure have this 2FA right? So although they know your password, they wont be able to steal your account or money there because you are protected by 2FA unless they do not put any of this security. And btw Baryom already mentioned it before that they are sure their site is really free of this password stolen and clear everything up so i think all of these things is good already

2FA is necessary if you are going to put money in one of those websites, it is easy to do and not very time consuming so I don’t see why people don’t enable it, but if for some reason you don’t want to enable it, then the only way to protect yourself is to never leave a single satoshi in a bitcoin casino, just deposit the amount you are going to use to play that day.

I too experienced someone has tried to get into some of my cryptorelated accounts with my email and an old password. They too seem to have got into some accounts that I no longer use. As I used to have same password for every sites. Still the question is from where they got the passwords.
They are targeting every crypto related sites.

For your own security avoid doing that, if at some point a hacker gets hold of your password then that hacker will get access to almost all your life, that is why it is better to use different passwords for each account that you have in different websites, that way you will be able to limit the damage a hacker can do to you in case they get one of your passwords.

In Addition to that try to make your password been randomized with extra special characters with capslock on some letters on it so that hackers and breachers will get a hardtime to do some dirty workds with our account and also we must set the 2fa and never used our main email interms on registering on some account that should be random to or try to make a dummy so that it adds more security to us.

I would advise using a password manager, I can't stress how important it is to have a different password on each account!
And how impossible it is to memorize every (strong) password for hundreds of websites.

I too have used only 2-3 passwords previously, until a few months ago somehow one of my passwords was obtained, my bitcointalk account, my gmail and many exchange websites etc. have been breached.
Luckily where my funds were located I was using 2FA, however, it took a week or so to recover access to my bitcointalk account etc.

I was lucky the attacker wasn't very smart, I have noticed a few attempts of him trying to scam someone from my account, however I reacted with a scam accusation against myself with a newly created acc (signed PGP, addresses etc.) so no has been scammed.

Using the same password on many websites (not all of which are secure), and even secure websites get hacked, and hackers obtain usernames and passwords!
If you're using the same password everywhere, the same or simmilar username, you're risking everything.

Use a password manager!

WHich exchanges were you using the same password?

I think more and more there is a good chance that there was some leak on Bitcointalk again. Because thats the common demominator in all of these failed logins that I have been getting.

I remember Btc-e, I don't remember everything that was breached, because it was a lot of websites I used maybe once or twice
Betcoin.ag account, gmail, bitcointalk etc.

I'm using my antivirus as random password generator and they are doing their job quite good. Stay safe.

That's a good idea of having an antivirus like thus generating random passwords, how could I wish I also have that kind of protection. If  you are satisfied with the working condition of that application, then use it as your permanent protection for your pc. Random password has it's secured combinations and I guess the attackers will be having hard times finding it, but the important thing to do is you must keep confidential passwords and don't share it to anybody; cover your keys as you key in your password at the public places.

I don't use either of those services which all links to Bitcointalk again.

So most likely its someone who is using the hacked database from 2 years ago and hoping someone is still re-using the same passwords. Because no other site that I am using seems to have been leaked or hacked.

I guess that is true. Since I don't think mine was compromised too since I was using the same password on most of the sites I use. Which reminds me, I should really change all those before something bad happens. I really need a system or password manager since there are so many sites that needs passwords and everyone of them has different requirements for the password.

Since you have posted that publicly, be sure to stick to your statement
to change your password(s).

I have also reminded my crypto-friends to not recycle their passwords especially their email. And if possible use different emails for different sites.

People sure use similar password to diffrent site for convenience reason and actually im one of those guys doing that but aslong as our email will not be hack surely i can assure that i am on safe hands. And the only counter measure for major hacking that might occur someday is I registered some dummy emails and other user ID on each site so that hacker cannot track easily on which site I am on.

What you said is correct because it is not so easy to maintain different user ids and passwords for each and every site. But you should protect your account by enabling 2fa feature if you're going to load any funds in any particular site. Nowadays hacking is becoming more sophisticated and they can find ways to hack the accounts. If you enable 2fa feature then it is difficult for hackers.

But as adaseb says its better to have an password manager if you can spend time to list those ones but its very unconvenient for me since I need to spend time to look for my password for particular sites if I do that. But what I do here is I registered using different emails with different username's which is related to me or shall we say that the word already lock on my head but my password has similar on each site's account I've made. And for that doings I didn't suffer any hacking issue for now since its very hard to guess what would be my Account credentials since at the first place i used different  names and emails for this matter.

Everyone will have different ideas to protect their accounts but I don't like using any password management system. I maintain one password for all gambling sites and similarly another password for all my emails. But email ids or usernames will be different for each site. And I will always enable my 2fa function before depositing money into any online sites.

Password managers are not always full proof. Remember when there was that TeamViewer leak and many people got their computers hacked? Basically people didn't change their "Support 4 digit pin" and it left a hole and hackers basically had full access to people's computers. And they basically used the password managers to login to Paypal, Amazon, etc and bought stuff for them.

Using a different username and same password is a little more effective but instead of forgetting the password you will forget the username. Or you will use username's like adaseb, adaseb1, adaseb2, and the hacker can easily get access to all your accounts since the password is the same. Not very secure at all.

So what are you suggesting here? You are suggesting us to use different username same password but at the end you said that it is effective but not secure at all. So which on is really better? As for now I only put 2FA for every site that I connect to make sure that I am protected from this hacker. I found out this is pretty much safest thing to make 2FA protection

Easy way to protect your whole accounts.Install ESET NOD32 it can secure your whole data.White hat hackers responding to ESET NOD32 that thread has been found in ESET NOD32. Kindly Fix the issue.So for more accounts ESET NOD32 Antivirus is a best Antivirus to protect your whole accounts at a same time.

I tried that virus scanner before and had nothing but issues with it. Its pretty much no different than the other half dozen or so virus and malware scanners available on the internet.

What you need to realize is that most of these viruses are keyloggers. and its very difficult to detect any 0day keyloggers. All a virus creator has to do is change a few parameters and release a different varient of the same viruses and it won't get detected. That's why when you get viruses in your computer they usually have numbers right after the name because its the same viruses just a different varient like BadVirus, BadVirus2, BadVirus3, etc.

we used make pass like address btc,
it will be hard to stolen

You should've not divulge that in a forum. Hopefully you did not use your btc-add as your password.

-

Any update on where the leak might have came from?