|
Title: CEX.IO user just got hacked. User loses $7000 USD Post by: Mentaso on December 09, 2013, 07:52:19 PM Just when we get emails from CEX.IO that they have great security, this dude gets his account hacked and all his GHS gets converted to Bitcoin and withdrawn.
Title: Re: CEX.IO just got hacked. User loses $7000 USD Post by: grue on December 09, 2013, 07:54:32 PM Quote The account holder had a randomly generated password which would have been difficult to Brute Force, so there is a very good possibility that the hacker has access to the database. With all due credit, CEX.IO does have 2 stage authentication which the user could not access as he did not have a smart phone to perform the security. So far, no comment fro CEX.IO or his computer was keylogged, which is far more likely because there's no large number of hack incidents.Title: Re: CEX.IO just got hacked. User loses $7000 USD Post by: DeathAndTaxes on December 09, 2013, 07:56:31 PM So no 2FA and limited to a single account and your conclusion is it must be someone with access to the database? Unless CEX is utterly incompetent passwords are stored hashed so a long random password would be beyond brute force even if the password table was leaked.
It is far more likely the attacker stole the password from the users computer (keylogger) but then again who needs facts. Note I have been highly critical of CEX and the insane prices for hashpower but a spade is a spade and your article is weak. Title: Re: CEX.IO just got hacked. User loses $7000 USD Post by: rayfloyd on December 09, 2013, 08:01:11 PM Very misleading title, FUD.
"Streets of the wolrd unsecure, someone got hit today!" Title: Re: CEX.IO just got hacked. User loses $7000 USD Post by: crazy_rabbit on December 09, 2013, 08:25:29 PM Could a mod please change the title to "Maleware/user error leads to theft. Again."
Title: Re: CEX.IO just got hacked. User loses $7000 USD Post by: Mentaso on December 09, 2013, 08:34:19 PM I dont think malware of keylogger could have accessed a password management tool... Is that possible?
His security setup 1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters 2. At no time was the password every keyed in. This eliminates the "key-logger" issue 3. The password was never used elsewhere and was unique to this one account. Title: Re: CEX.IO user just got hacked. User loses $7000 USD Post by: tysat on December 09, 2013, 08:34:41 PM Updated title and moving to the correct section!
Title: Re: CEX.IO user just got hacked. User loses $7000 USD Post by: Micky25 on December 09, 2013, 08:45:10 PM so without a smartphone you can't use 2FA? Ohkay, wonder how it works for me all the time.
No offense, but the whole story sounds like complete BS to me. Title: Re: CEX.IO user just got hacked. User loses $7000 USD Post by: escrow.ms on December 09, 2013, 08:48:45 PM I dont think malware of keylogger could have accessed a password management tool... Is that possible? His security setup 1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters 2. At no time was the password every keyed in. This eliminates the "key-logger" issue 3. The password was never used elsewhere and was unique to this one account. Formgrabber 1 : Security 0 :) Title: Re: CEX.IO user just got hacked. User loses $7000 USD Post by: cnblue on December 10, 2013, 04:35:22 AM if that person really got hacked where is the detail of the information? screenshot ?
and detail about him contacting support? and what the support did about it? i think this is a bogus story. i wonder how "DeathAndTaxes" know that person didnt had 2FA on. maybe he did, maybe he didnt. he havnt hearing anything other than he lost his money. again this rumor on reddit was just trying to attract traffic. my 2 cents. i know people who have over 100BTC on Cex.io for months on trading. my first incident i had with CEX.io was my withdraw problem. i try to withdraw. its say i didnt had enough fund to withdraw when i did. i contact support and they fixed it within 24hrs. my second incident when i successful withdraw fund, i waited 24hrs and the funds wasn't transfered yet. it say it was transfer from my history but i never got it. i contact support they took care of it within 12hrs. :) so far only good experience from cex.io Title: Re: CEX.IO user just got hacked. User loses $7000 USD Post by: daudi123miner on April 04, 2014, 06:12:38 PM I am a new miner.
I Have a Question. what does it mean when you keep getting message from the [CEX.IO] stating "Successful authorization" with a time stamp like - 2014-04-04 17:37 (GMT) and your IP address? should I be worried? |