Title: Potential Gambling Site Leak Post by: dogedice.me on October 19, 2018, 05:24:28 PM BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community. As always, BitDice protects your account by verifying unknown logins to help secure your account. Title: Re: Potential Gambling Site Leak Post by: Mirae on October 19, 2018, 05:26:57 PM thats bad to hear
maybe implement a 2fa system ? Title: Re: Potential Gambling Site Leak Post by: BoXXoB on October 19, 2018, 05:28:11 PM thats bad to hear maybe implement a 2fa system ? We have 2FA and email confirmation on login. Issue wasn't on our end. Title: Re: Potential Gambling Site Leak Post by: actmyname on October 19, 2018, 05:28:18 PM thats bad to hear Did you happen to read the post?maybe implement a 2fa system ? As always, BitDice protects your account by verifying unknown logins to help secure your account. Title: Re: Potential Gambling Site Leak Post by: Mirae on October 19, 2018, 05:35:57 PM thats bad to hear Did you happen to read the post?maybe implement a 2fa system ? As always, BitDice protects your account by verifying unknown logins to help secure your account. Title: Re: Potential Gambling Site Leak Post by: annuts on October 19, 2018, 05:41:30 PM They're probably using the various leaks publicly available.
Check to see if you're affected here: https://haveibeenpwned.com/ Title: Re: Potential Gambling Site Leak Post by: dantee1 on October 20, 2018, 09:16:08 AM This is scary. In this industry, some wicked operators are actively trying to undermine other operators business interests. That's not a healthy way to compete.
Spend that useful time to build your customer base, improve in your customer support, make your payouts more efficient, etc. Rather than focusing on undermining other people's business Title: Re: Potential Gambling Site Leak Post by: s0lidus on October 20, 2018, 09:58:58 AM ~..snip..~ i was talking in general (all gambling websites) All known gambling websites have 2FA option afaik, but A LOT of users are either lazy or simply too stupid to enable extra security on their accounts. And many of them use same passwords for all their online profiles. ALWAYS enable 2FA on accounts where money is stored/involved. @OP: Thanks for notifying the community. Title: Re: Potential Gambling Site Leak Post by: BTCevo on October 20, 2018, 12:23:04 PM thats bad to hear Did you happen to read the post?maybe implement a 2fa system ? As always, BitDice protects your account by verifying unknown logins to help secure your account. But most of the gambling site now are using 2FA, there is no any single site that do not have 2FA protection. If that site exist, I do not think anyone are bothering to play on their site,because 2FA is the best protection for the current time. If it happens your account get be hacked when you already put the 2FA then there must be something wrong with the account because I have this problem before and the result I got hacked some amount on that site Title: Re: Potential Gambling Site Leak Post by: babo on October 20, 2018, 12:36:01 PM thats bad to hear maybe implement a 2fa system ? 2fa, for example fido network, is really easy to implement Is ten rows of code Or can implement another poor method, like time based confirmation Title: Re: Potential Gambling Site Leak Post by: Patatas on October 20, 2018, 12:41:44 PM BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful. You might as well want to figure out where these email addresses are coming from and inform their respective website owners? Ofcourse it's hard to figure that out but putting it online maybe help service see if majority of them are used in their databases.We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community. As always, BitDice protects your account by verifying unknown logins to help secure your account. thats bad to hear As usual, merit beggars being blind as fuck.maybe implement a 2fa system ? thats bad to hear Did you happen to read the post?maybe implement a 2fa system ? As always, BitDice protects your account by verifying unknown logins to help secure your account. Title: Re: Potential Gambling Site Leak Post by: carlfebz2 on October 20, 2018, 01:03:20 PM thats bad to hear Did you happen to read the post?maybe implement a 2fa system ? As always, BitDice protects your account by verifying unknown logins to help secure your account. Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. Title: Re: Potential Gambling Site Leak Post by: veleten on October 20, 2018, 02:20:33 PM BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful. We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community. As always, BitDice protects your account by verifying unknown logins to help secure your account. this has been happening for quite some time my email that is used for registration at some secondary exchanges and casinos has been receiving dozens of failed authorization attempts reports seems like one of the sites has leaked its database or I managed to register at a semi-rogue exchange/casino specifically designed to get cryptousers e-mails and then attempting to bruteforce accounts Title: Re: Potential Gambling Site Leak Post by: crairezx20 on October 20, 2018, 02:22:32 PM It's a bad sign they must be aware of this leak.
He's merit begging, you might as well leave him a negative. Check his merit history. Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. Title: Re: Potential Gambling Site Leak Post by: carlfebz2 on October 20, 2018, 02:39:30 PM It's a bad sign they must be aware of this leak. Shouldnt we put that 2fa thing to be a standard security of our accounts? Its easy as 1,2,3 to set it up but people do still fail and they would only realize when its too late.He's merit begging, you might as well leave him a negative. Check his merit history. Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. Title: Re: Potential Gambling Site Leak Post by: shield132 on October 21, 2018, 09:28:02 AM BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful. Will publishing be a right idea? What about to warn users with leaked emails on your website? Because they may try to spam emails and you may know social engineering still works, especially in older people.We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community. As always, BitDice protects your account by verifying unknown logins to help secure your account. I think leak comes from famous bitcoin gambling websites, if you contact some of them and randomly send 10 email or even list, we may possibly know who has problems because not only your but other users will be in trouble too. Title: Re: Potential Gambling Site Leak Post by: beerlover on October 22, 2018, 07:56:42 AM Considering gambling casinos are also sort of work like wallets (people deposit their money there and sometimes they withdraw but there are times when a gambler just keeps his money in the casino instead of withdrawing all the time) this is actually worse than it looks like. Yeah, someone taking control of your casino account doesn't seem THAT bad when you consider whats the worst thing they can do deposit and gamble ?
But, don't forget they will have your wallet and if you have money in it than they can withdraw it plus they will have your email address and the password for that and if you have password same with any other place they could potentially try that email/password combo in any website, they could literally write a code that says try this email/password combo in all of these websites and let me know if any of them gets inside and it would take 10 seconds to check hundreds of websites. It is really dangerous and has insane potentially horrible stories. Be really careful about this. Title: Re: Potential Gambling Site Leak Post by: Juggy777 on October 22, 2018, 11:29:10 AM BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful. We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community. As always, BitDice protects your account by verifying unknown logins to help secure your account. This is sad news and what makes it worst the site has not come clean to it's users which puts their users to more risk. I'll agree with the advice one should use distinct passwords, as we have seen in the past they get one password and they can hurt you a lot financially. It's important to note sites using http or not using ssl is a must avoid these days, also using your password on a public or free wifi is a very bad idea. Title: Re: Potential Gambling Site Leak Post by: eternalgloom on October 22, 2018, 11:47:33 AM People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/ 2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source (https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/)) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ Title: Re: Potential Gambling Site Leak Post by: BTCevo on October 23, 2018, 03:00:48 PM People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/ 2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source (https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/)) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing Title: Re: Potential Gambling Site Leak Post by: crairezx20 on October 23, 2018, 04:31:02 PM People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/ 2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source (https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/)) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe. Title: Re: Potential Gambling Site Leak Post by: veleten on October 26, 2018, 11:41:54 AM People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/ 2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source (https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/)) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe. literally every piece of equipment can be compromised keepass is a nice little tool to keep your passwords, also lastpass falls into this category it is way better than storing your passwords on a piece of paper or, god forbid, in a text file spreadsheet passwords sounds like a joke, you think that Google documents are safer than keepass? in any case , 2fa is a must for sites you store money at , gambling sites or exchanges or wallets otherwise using a password manager is fine in most cases, try it - you will like it :) Title: Re: Potential Gambling Site Leak Post by: BTCevo on October 27, 2018, 12:41:24 PM People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/ 2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source (https://techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/)) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe. Manage all out passwords sounds really good, and it is good for better coding user as well but in the mean time, there are still mant of users that do not understand how to code or familiar with an open source things so I could say, it is better to use 2FA, besides it is not that hard to understand and use either. Scan and done, as simple as that so you do not really need to manage your password that hard |