Bitcoin Forum

So I logged in today to discover my email had been changed and a slew of messages and posts made on Wednesday the 10th (two days ago) had been posted in my name.  It doesn't appear anyone was scammed using my name...though apparently I now have 15 or so ignores...which I didn't have Tuesday.  Just a friendly heads up...use escrow for trades and verify it is in fact the person you are attempting to speak to.  It sounds like this guy was trying to buy forum accounts...which is odd since he obviously hacked mine indicating he really doesn't need it.  Anyhow, password 2.0 should keep them at bay till Moore's law is again proven right...then I'll have to upgrade again.

That's about as clear and understandable as all the posts you've committed lately.  :)

Yep...pretty easy to discern my posts from the impostor...but still don't like anyone soiling my name.

Is your password shorter than 20 characters? Does it have both letters and numbers, uppercase and lower case? Was it randomly generated or is it something you made up?

Ah, so that's why you've been acting so trollish. :)

Are you absolutely certain you weren't just really high and made those posts yourself?

My new password is much stronger.  Though I am curious if he found away around that, as he didn't bother changing the password, so it wasn't very hard getting it back.  He did change my email though...which sucks because I just placed a Lealana order.  I was afraid he'd tried to change my address on the order to his, since he clearly knew I had ordered them according to one of the posts.  Very unsettling to log in and see a bunch of people suddenly mad at you for something some prick did in your name.  

Whatever...I am connectable back to the real me, and the real me did not log in on the tenth...the servers have records of whoever did.

Definitely wishing I could apply two-form factor authentication to my profile for the future.

How much stronger? Length? Character set? Numbers? Letters? Upper Case? Lower Case? Randomly generated or the name of your dog?

Actually it's simply dog.  Thought I'd trick him by going the opposite route.

dog actually wouldn't be a bad password - nobody will try it as it's less than 6 characters.

A dictionary would

Dictionary attacks don't try 3 letter passwords when the "min password" is 6. Security by obscurity (not defending it).

Someone will brute force it, and it will start with 1 character.

I used to have a hotmail account. It had a 4 character password. "xcvb" or some keyboard pattern. Then microsoft decided to change the minimum to 6... I never changed it (grandfathered).

But ... ...

Dude, cut it. Sick of reading of your alleged account loss to an hacker. No, I don't believe you.

Believe what you will.  I have done nothing but try to better the community until the day this asshole decided to piss on a bunch of threads in my name.  Perhaps you established better passwords and have never had to experience this, but it is quite possibly one of the most unsettling feelings I've ever had, to log in and see someone else had stolen my identity for a day.  I don't even really understand his (I assume it was a dude) intent, because there was nothing really gained from the hack from what I can tell, just making me look bad, which if that was his mission, he was apparently successful at, as is evidenced by comments like yours Psy.

I honestly didn't think a very secure password was necessary...thinking, it's just a silly forum account...who cares.  Clearly I do now.

Even now, with this thread...I am attempting to better the community because if you had a weak password, and thought as I thought, my advice is to upgrade it so you don't have to experience this kind of annoyance.  I wish people were just better all around and this was wholly unnecessary.

hennessyhemp, maybe it's better you change the password now to 50 characters. then make a new one. forget the old one. start a new life, so to speak.

I don't know that I would remember a 50 character password.  I am much more interested in adding two form authentication.  Perhaps making a signature that is traceable only to me like John K does with his escrows would be helpful, seems like that would be much more difficult to fake. 

He seemed interested in talking to you a lot though Dabs according to the post history...perhaps you know him elsewhere.

I wonder if he was clever enough to have masked his IP, or if the servers would have that on file.  I don't know enough technical shit to know how to look that up...but it would have obviously been a different IP on the 10th than any of the days I logged in.

Start a new life...definitely my intention with bitcoin and crypto...hoping to make enough to start a real life hemp farm...legally.  May also try to grow some medicinal/recreational female varieties.  8)

I can vouch for Hennessy, his account was hacked.

Thanks Joint!  This whole ordeal has me seriously wondering how the majority of America runs around with a card attached to a 4 character pin.  50 characters?  The majority of Americans would wind up on an endless tech support call attempting to get a password reset...probably while speaking to an Indian fellow/gal.

Or if ATM's are secure because of password lockout after multiple attempts...perhaps forum accounts could have something similar?  If it locked up after a couple attempts, wouldn't that stop this guy in his tracks?  I highly doubt he guessed my password, pretty sure it would have had to have been some sort of password list or program that tries thousands of passwords. 

Can that be prevented?  Two form authy or multiple attempt lockout seem like two very viable options for curbing this kind of activity.

Then again, I have no idea how this happened, so it's all speculation...anyone else ever have this happen to them?