Bitcoin Forum

Apparently a couple weeks ago some sites started noticing unusual activity where there have been many sign-in attempts made with thousands of usernames.

At first Safedice caught this and cautioned everyone. Safedice assumed Bitsler was the leaked site.

However I am getting alerts of unauthorized login attempts with my username with various sites, and I have never been a member of Bitsler which means the leak is coming from somewhere else.

Anyone know of any Bitcoin related site that was hacked recently?

I know Bitcointalk was hacked about 2 years ago but most likely its something new since those passwords were all most likely changed by now.

For the time being, MAKE SURE TO USE 2FA

And in case it's not obvious, don't use the same password anywhere.

if you are not very good at remembering passwords then do something like

EaSyPassWord00/00/00website
(00/00/00=your date of birth or other meaningful thing you can remember that wont change in your life)
(website=the website your logging into)
and then hash it and use the hash as your password.

that way its always unique and has better entropy than
EaSyPassWord
or
EaSyPassWord00/00/00
or
EaSyPassWord00/00/00website




you will find that you can remember things better but have it

---

secondly websites need to start only storing passwords as their own salted hash.. not clear text. thats like ultimate noob error if sites are only storing passwords as cleartext

I have been getting these a lot lately. Got one on my bank account today. And it is only going to get worse. Audit passwords and email addresses every 30 days.

I heard this issue from some of the peers in the trading platform as some are getting password reset request in their mail ID which means someone is trying hard to do something and i started hearing about this a couple of days back and i am not too sure what is happening right now,always enable 2fa if you want your accounts to be safe.

Good password guidelines:
----------------------------------------

• Never use same username:password combination for multiple sites.

• Always use strong, random, composed by common characters passwords. Good examples of passwords are:

• SLKrAz2d5zp9LM4bAF9D5NiqsefwncDz letters + numbers, 32 characters minimum
• ]0=`Dn'r}WsGG(p7cs8CnW`a> letters + numbers + special chars, 25 characters minimum, use this one with caution, some sites improperly retrieve your password data and it end being different on their database then you cannot login back in some of them
• very food develop quartz joke boil desk side dusk oak kid under butterfly arm door beloved 16 or more random words password, easier to remember but longer to type

• Use a password manager software, like KeePassX. And a password generator, I have been using this: https://github.com/7ng3dk/passgen
• Connect through internet by using a firewalled router, do not connect directly or through unknown networks.
• Do not use Windows based operating systems. Do not type your passwords in public devices, nor print them using a printer.

I had no problems so far by following those rules. Then I believe they are safe to follow.[/list]

I think you did not get this, couple of weeks ago, there was this report that Cloud Flare was compromised and many sites actually advised their members to change their password and introduce  further security measures. That leakage must be the source of the rampant hacking lately. 

https://www.wordfence.com/blog/2017/02/cloudflare-data-leak/

the problem is using the same Email address in many different places. i have seen so many people join a lot of these random website's newsletters with the same email, so it is obvious they are going to "sell" their list of emails! and then you get attempts like this and it is mostly a try to find someone who was dumb enough to use a password like "123" :)

i don't think it is cloudflare thing though, because it wasn't really serious and from what i have read it was just a tiny possibility to affect a tiny portion of sites.

p.s. i have not received any of these warnings about login attempts yet!

I am yet to receive any of these email notifications. Then again, I don't live in the US and hackers probably target those in 1st world countries first if they have the chance to sort out.


I am one of those guilty with using an email for registering to multiple service and sites. I just don't have the memory to remember a lot of passwords. I've had several emails in the past but end up forgetting the passwords as well as the security answer. I currently have two and this probably would be the most I can handle.

I've learned and don't subscribe to newsletters anymore. They just make a mess of my inbox and as you said, they might sell their mailing list.

There are alerts from crypto magazines about possible more hackers activity on coming Monday onward as weekends are off to most of business world wide. I am afraid we may face/hear some more miserable hacking activities in coming days as they are on intensive hunting. As bitcoin is reaching huge value, we need to be more conscious to stay secured.

Day before yesterday, I got email alert from liqui.io exchange for trying to reset password but actually I was sleeping at those times.

last week or so i have veen getting emails saying to many log in attempts ata couple casinos seams one the casinos has been leaking or hacked emails