Bitcoin Forum

I received this in the mail today:
This mail was sent because the 'forgot password' function has been applied to your account. To set a new password click the following link:
And the IP comes out as New Zealand.
So, should I change my password or what?

Whether someone trolling or you exposed your email somewhere. Another possibility is that the link you received is forwarding you to a phishing site.
Change your password if you want in your profile here.

You don't need anything other than the username to request a new password for an account. This means that I can use 'forgot password' function for any account in the forum without needing to provide any special information (not even the account email).

So changing your password shouldn't be necessary.

I got the same e-mail about two days ago, but I wasn't sure exactly what it was referring to--either a new feature notification or that someone had actually tried to crack my password using the "forgot password" option.  Now I'm assuming that the e-mail I got means the latter.  Interesting. 

Gee, why would anyone want to hack me? :-*

Well you know, who doesn't want to broke your pharmacy :P
http://i.dailymail.co.uk/i/pix/2016/01/22/02/3072327B00000578-0-image-a-45_1453431225401.jpg

---

/srs : I fail to understand why retrieving your password by entering your username is enabled. Email is sufficient and more secure.

What if you can't remember the email address you used?

Though I agree this process could be improved, because even still the user will have to check every email acccount for the email.

For example a better process would be, user enters their username, website shows the user the first few characters of the email and domain ( such as una******@gma**.com) and asks them to enter the full email before sending the reset email. Whether the email is correct or not, you display the same message such as "If that is the correct email address a reset email will be sent to it". Though the problem here is you risk exposing the users email address (such as in my example the you could easily guess the email is unabomber@gmail.com) however it is the process that most of the big websites are using right now and seems like a fairly good balance between security and usability.

The worst addicts are the ones who have the keys to those kinds of safes already.  LOL.  Nevertheless, I'm not worried about some pharmaceuticals getting yoinked from me.  Scammers could probably pull off some serious shenanigans if they were able to access my account--and then I'm sure no one would believe me when I said I got hacked, because I'm so cynical about those claims.  Could be an ugly situation for me.

Not saying my password is uncrackable, but it's fairly strong and I'm confident I'm not going to get hacked.  And I don't respond to phishing things or download weird programs.  I'd advise everyone to adhere to those things as well.  I think that's how a lot of people get hacked.

It can be someone play for fun, also. They know will need the link that sent to email to change an account password, but they haven't access to user email that they tried to reset, then what they expect, right?

---

And also, don't use the same password for the different account, moreover same as email password. Because sometimes, people have a secure password (let's say alphanumeric) and using it for a few accounts including email. Imagine when one of that account is on weak sites. Bang....!!!  :'(

This is just my suggestion though, but could theymos make the forgot password more secure by requiring users to provide other information first besides username? That way, situations like what OP experienced will be lessened. Also I think the forum users would be safer if the forum will have a 2fa authentication feature where users can opt to use it to make accounts less prone to hacking.

I would change my password if I were you, but definitely not from the link provided by the anonymous person, change it directly from the forum. And like others have said, hide your email. And besides, it's not every link you see on the forum that you should click on. Some users are only here to monitor many user's activities and hack accounts since the new system makes it hard for them to rank up. 

Seems, it has been long time since you're not change the password, it would be better by this case you will change it .
Go to Your Forum Profile > Account Related Settings > Choose password

Maybe someone jealous with your account jeez :D

Yeah, I think people just use the forgot password option and it sends you an email. Normally, you do not have to do a thing I believe, but it makes you uneasy.

I think someone tried to play with your account so i think you dont have to change your password but if you think that you have used this password somewhere else then better to change the password this is for your safety as if you have used the same email some where else so they tried to open your account.

Now you have your excuse to change password.

#Votedigaran.

In my opinion, this is not something big to worry about. One can easily find emails used for registering on this forum even if you have not shared it in public. There are tools for this which can automatically check thousands of emails. One can easily send the password reset also as it just requires them to enter the email.


If you see someone doing this repetitively, you may consider changing the email. This way he will not be able to annoy you by sending same password reset link on the mail again and again.

Just separate next your password in an email address and those accounts that you log in. For example account here in bitcointalk forum you should not be having the same password. Or click any website that asking information or maybe those airdrops they might have the possibility of a scam purposed by entering a phishing site.
You have a right to change your password as long as that you notified here to change your password for a valid reason.

yes, you need to change your password now, before anyone else uses your account, it would be nice if the email we entered in bitcointalk is valid because if someone else wants to try to log in to your account, there will be a notification because the password was entered incorrectly.

Never use links in a warning email.Go to the website yourself.

OP's email must be valid, cause OP gets some notification (password reset link from this forum) that someone was trying to resetting OP's account password.

Nahh..I think OP didn't need to change the password as well, everyone here also can do it to your account nor everyone account with just use our username.

I hope the new bitcointalk will come out soon and hope this issue will be fixed there. It is very frustating if you got your account hacked, especially in this merit system and the process to get back the account is not that easy and fast.

AFAIK , this forum's password ever got leak so admin told to change the password.
So after the incident, is it necessary to keep changing password periodically ?

I think, too often changing password also fishy. Use a strong password (alphanumeric - didn't relate to you) it's enough. Don't ever use the same password for every account. If possible, don't ever tried to register at "unknown" sites.

@ridertiger : I think it is time to lock this topic, you got the answer and it is up to you to decide what to do.

Good idea! I will go ahead and lock it.