Bitcoin Forum

Gmail just told me unusual activity and text me. I had changed my password.
Salt cracked?

there are hacked passwords floating around... change anything that you have the same as that password. facebook/bank/porn site/ etc

I use a completely different pass on my gmail, but I got the unusual activity too  :-\

I got it too just now..it wasn't even the same pass as my Mt.Gox though. Maybe it thinks the email from Mt.Gox is suspicious?

WARNING, IF THEY TOLD YOU IN EMAIL, THE EMAIL IS FAKE, DO NOT CLICK ON LINKS!

This is just a phishing attempt using your email address.

YOU CAN'T TRUST WHO IT SAYS IT IS SENT FROM

EDIT

This is legit, I wonder what they are detecting.

Same thing here.
However, I extracted just my user info from the db and I'm running john the ripper on it.
It hasn't cracked it so my guess is someone is just going directly after the email accounts.

I'd say it people trying the passwords from the CSV and not being successful but it still looks suspicious to Gmail.

There is no salt with the passwords. Seriously, I rented an Amazon high CPU instance and went crackin' away.

These people deserved their accounts to be hacked, seriously.

Its not in links, its after you directly log in to the site.

No it's not an email the gmail logs out and you get a seperate page then they have to text you and verify you. Pitty Mt wasn't this good

I got a notification of that as well.  >:(

gmail may have got wind of the list and tried to protect users on it ?. bit like what facebook did when lulzsec dumped that porn site database

Lol  :)
You should do that on your GPU farm ;)

I just posted about this, previously. It happened to my hotmail account once I signed up again for Mt Gox to post something to their massage page. It seems to have happened at the exact same time.

I got this also, my andriod phone had a warning on it that it failed to sync with Gmail.  So I logged in on a browser and lo and behold i had unusual activiy.

So not only has MtGox stolen 47.22 from me on a dwolla transfer on 6/5, they have negligently stored my personal details in an obviously insecure database.

Thank you Mt.Gox.  Never doing business with you again.

+1

The suspicious activity list doesn't show any logins from others so people must be trying (and failing) to access my account.

My gmail address was in the leak as well.  I use unique passwords for all accounts, luckily.

I got this message too when trying to log on gmail, but im not receiving any code by the telephone i provided so i just cant access my gmail right now.

My pass was very different from the one i used in MtGox so what could be causing this? Just are some people trying to access my account?

This happened to me too. Maybe Google has seen the compromised email list, and just as a security precaution is making everyone on the list change their password? (My password on Gmail was completely different than on Mt Gox; both were randomly generated.)

But mine was a paypal notice and it was a phishing scam, not from paypal.

They claimed there was unusual activity on my account, but the return address was a spam mail addy.

Same here.  Good luck cracking my password.

I'll give you a headstart.

Listed salt $1$ZBJdbkqZ$
Listed hash MD/Ln/Ro/cOFIPpWYMHpA.

My password starts with a letter, ends with a number, has a symbol, and more than 15 characters.

If you crack it and post it here I'll send you the remainder of my mtgox funds ($500)

got the same. thought i wasnt using the same passwords across sites, i changed them all anyway. just to be safe

Had received the code and my gmail account is fine.

It can be gmail security for this leak event or just suspicious acticity on the web trying to access my account.

1. Where'd you download/get this info?

2. Assuming I know my password is one of two things can I figure out what it is using this?

Not sure why but my IP was banned yesterday so I logged in from a different location (worked fine) and changed my password. I'm not sure if my old password or new one is in the data that was stolen. Either one is ~18 characters. Am I pretty safe either way or is it true that these aren't as well salted as mtgox claims?

I told Mike about this thread, but he hasn't responded yet.

Anyway, our resident Google employee is currently locking every account on the MtGox list.

<TD> yep, sorry folks
<TD> there's no way to know which passwords will get reversed and found to be shared over the next 24 hours or so
<TD> this is a standard procedure when faced with password leaks

I just had this happen to my account too..  frozen out of Gmail when trying to login. I had to verify my identity via a SMS.

Google froze my Gmail account until I revalidated it by SMS. I guess someone is trying the cracked MtGox passwords against the corresponding Gmail accounts. Luckily my passwords are both very strong, and are different.

The fact that gmail, of all places, responded within an hour of mt gox, just goes to show how awesome they are on security.

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team

My respect for Google has only increased due to this quick response. Thank you!

Thank you Google for your diligence.

Yea same happened with my secondary gmail account. Mt Gox is in the shit now. I'm lucky I haven't done any business with them so I haven't lost anything other than trust in their systems.

Situations like this are why I'm glad all of my passwords are different and random.

All passwords should be different and random. Use something like keepass to keep track of your passwords.

The reason you get the g-mail warning "Unusual acitivity detected" or something similar is because your e-mail is on the list on leaked e-mails from the mtGox db compromise. So If you have used the same password for mtGox and gmail for instance, this is used to protect the users so that in the event someone bruteforces the password hash in that leaked list, they will not have access to your gmail-account. Of course if you used the same password for both mtgox.com and gmail, you should stop doing something like that in the future.

The source of confusion is that google has only given a generic message, and not a specific one, perhaps this is just their policy, I don't know, but I think it would be better to give a more detailed explanation to keep people from getting worried.

Most likely your gmail account is not compromised at all.

I just got this notification, too, so I guess someone must be going through all the accounts that got leaked.  :-\  Had to do a phone verification, and I also got notification from eBay, to boot!  Luckily, I use different passwords.

I think I am done with MtGox.

I'm in the CSV file and my email account now appears to be suspended.  For privacy reasons, I don't want to name the email provider, but I will say that it is a smaller one that most have probably never heard of.  I'm guessing that someone is trying to brute-force their way in - the email provider noticed it and suspended my account for now.  But strangely, I can still log into my provider's website - just can't receive mail.

Still waiting on mine.  I changed all passwords as a precaution just because.  Its a shame that the email address is out there though.  I'm looking forward to cheap viagra and other dick enhancement offers. 

I want to point out that my email account is NOT gmail yet was suspended shortly after the CSV file was published.  So, that couldn't be due to the Google employee's help.  Someone must be trying to brute-force their way into my account.

Preemptive actions before things really get out of hand. Now that is a sound business practice right here.  

Just verified mine too...

I will never use mtgox again, any website that doesn't protect my email adress can go fuck itself.

Thanks!

It would be nice to get a better message than "unusual activity", though, seeing as how, in this instance, there was (presumably) no actual activity on the account that led to the lock. Maybe something like "A password for an account at <site> associated with this e-mail address has been leaked. Your Google password has been invalidated to protect your account" or some such.

I got it too, and I use a completely different (and stronger) password for Gmail than my password from MtGox. Gmail's logs show no access from unusual IPs, so I assume somebody was just trying to use my MtGox password on Gmail.

I thought someone was just entering random stuff into my Gmail, because both my Mtgox and Gmail are pretty strong. Guess not apparently.

Yeah, it's a bit misleading to say there had been suspicious activity with the accounts, since they have simply shown up on the list, and no log-in attempts may have been made what so ever.

Although It's much appreciated that google cares for the safety of their users so much. We need it, and you need it too.

Thanks Mike! Really appreciate it. Maybe Google could set up a BitCoin exchange?

MagicalTux: You are an idiot son. You've gone from respected by the community to despised just because you're too stupid, or too lazy to secure your website. I sincerely hope Mt. Gox doesn't come back from this. It was so stupid to have so much trade centralised in a website that used to be for trading pieces of card to be used in a children's game.

Go back to trading Magic the Gathering Cards, you fucking amateur.

Yes, we should have a message for when password leaks occur specifically. I will add this to our todo list.

Siiigh.  That gmail address of mine was one I use for 'serious' stuff having to do with money and registration on sites I actually care about (as opposed to all the freebie service ones, where I don't give a rat's behind if someone hijacks).  It was not widely available in the spammer circles.

Now it's out there for spammers and scammers to do their thing to.

Luckily I don't re-use usernames, never mind passwords, so other email and other services shouldn't be horribly impacted.

Thanks mtgox!  Seriously.  And if you couldn't fix your code after all the reports of being compromised there's 0 chance you'll fix it in the future.  Buhbye.

You should stop using every website then.
The fact that nearly every website uses an email address username/password combination for authentication and the fact that nearly 3/4ths of all people use the same password for everything means that all it takes is for one website to get hacked and people have a way in to almost every other site you are part of.

No security is 100%, but the number of hacks that have happened in recent months is incredible.
We need to rethink the whole way we do authentication on the internet.

Funny thing is.. I was in the middle of writing an article on this topic when I got the news.

Just wanted to say: my account on this site got hacked, my Steam account got hacked (with over $500+ worth of games on it), and who knows what else got hacked.

Suffice to say I'm fucking pissed.

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.

How is google supposed to know if you use the same password or not?  If they didn't lock it and you got hacked, you'd be complaining that they didn't lock it when they know your email address had been listed with other details that could lead to your account being compromised.

IMO google locking the accounts is a good thing.  You can't have icing on both sides of your cake.

HAHA such a load of cocktardism, they effectively did a huge favour/service for everyone but you would find some sort of problem with it and badmouth the shit out of them.

Or maybe google have just been on the fucking ball on this.  I use a different password on google. I've just been made to change it though. Now I'm gonna have to change the password on a lot of other sites too.  Fucking great work guys.

Get fucked mtgox, this is massively damaging to bitcoin and frankly, inexcusable incompetence.  

I find it to be quite interesting that government run gmail was so quick to react to this situation

same shit.
but what interesting, not only mtgox account-related e-mail was compromised, but e-mail, related to THIS forum, was too.
in result of e-mail-related leakage, some people, make some phonecalls[in Russian lang], in terms, related to e-mail[pretend to b careful/cunning ?].for anyone related to law Russian enforcement, can provide phone numbers.

I feel completely different. Forcing a password change only takes a few seconds. Just because YOU didnt use the same password elsewhere means that you are only one of the 25% who do that.. 75% of people share the same password everywhere.
This means that if google knows there is a big password breech by NOT forcing a password change they are knowingly letting people have their accounts compromised and could probably even get set up for a nasty lawsuit.

 No more MtGOX for 3 weeks :). Hope that TH will stand this mass migration wave (two hours ago it was hot as hell and as fast as snail because of overload).
 BTW, I didn't receive any messages or notifications from Google as far as my account was compromised as well. Am I doing something wrong  :P? So, probably Gmail is smart enough to mention that I've changed my password just after seen strange activities on Mtgox recently (ten minutes before the final crush)...  

I appreciate that Google is being proactive on this.

One question, though...I noticed it because my phone couldn't connect to e-mail.  When I logged in from the web site, it told me about the "suspicious activity" and had me change my password.  Had I not noticed and done this, and had someone hacked my password (not possible, since I didn't use the same password for MtGox as I did on Gmail, both were independently generated random strings), wouldn't they have just gotten to pick my "new" Gmail password when they logged in with the old one?

I can't log back into my account after changing my password.  :-\  Thanks for Google recognizing that my account may be breached (I'm pretty sure it is, I'm having trouble logging into Facebook). Sent a "stolen account" inquiry, hopefully I'll get my account back. Oddly enough, due to cookies I can still sign into YouTube.  ;D


EDIT: And after all this time I work out that the password leaked is the one that I made using KeePass, not my "ehh put in a password" password. Yay! I think.

Well you're probably right that 75% or more of people reuse passwords across sites.  However, I resent suffering just because a bunch of people have the same locks on their house, car, and work, and hung their keys up on the outside of their cubicle.  I guess gmail is just for people who need the hand holding since they are too lazy to use basic security.   

I would just like to say thanks to Mike and the google people for doing this. I didn't have the same password for google, so I was fine but I am glad you had the sense to take the necessary steps to mitigate the danger of a wider breach.

edit: oh and super pissed with mtgox right now. what kind of a dog and pony show are they running over there?

Mike Hearn, the google fraud engineer who develops BitcoinJ, got the list and forced a password reset for all gmail accounts in that list.

someone on reddit posted a photo of the hashed passwords, with the clear text password next to it.  the clear text is only the first two characters then blurred out.

I don't think that's true.  I've just tried logging into dooglus@gmail.com which was on the list, and it's working as usual.  I've not changed the password or been told about 'unusual activity'.  I didn't use the MtGox password anywhere else though, so I'm not worried.

I got my account deactivated today too. I never signed up for MtGox though, I wonder if they were just locking down all e-mails associated with Bitcoin.

It's true. Read the whole thread.

I mean it's not true that he forced a password reset for all gmail accounts on that list, because my gmail account is on that list, and no password reset was forced on my account.

It's basic logic.  Re-reading the whole thread won't change anything.

Your awesome thanx for the notice.  I pretty pissed my email was in there but i was using a strong password.
I only registered to MTGOX on Tuesday and my password was iamdana1qaz0p;/ so I think I'm safe.