|
Title: Protecting Your Account Post by: LFC_Bitcoin on August 03, 2020, 08:11:04 PM Please, I can’t stress this enough, please make sure the email address set to your account is private.
You may have seen what happened to BitcoinGirl.Club here - https://bitcointalk.org/index.php?topic=5266437.0 This is what I am understanding. Yesterday evening after the poker game, I was doing my usual work. At some point, I was going to check my sportsbet T-shirt update. I was looking for the email sportsbet sent so that I get the link to fill up the form. I saw three emails. One already read. The two new with the update of they are running out of the t-shirts. So I opened one of the email, checked the link and it was taking too long time to load the page. When it was annoyingly late, I closed the tab but my system seemed unexpectedly slow. It happens sometimes and I usually force close the system and restart. I did the same and then started my usual work. When I wanted to login in few of my accounts it always asked me for passwords. Nothing flagged me though. I did not had any 2nd thought. When it was late I gone to bed. Today morning when I wanted to login to bitcointalk discovered everything. Before everything else I knew I had to reset my device which I did. Now I do not have access of the email. All the accounts, exchanges, business, social media, gambling sites everything that had the email are fucked up. I am contacting each of the sites to help me changing the email addresses. I am going through a lot now. In some accounts I have money locked. This will not be a very easy ride for me. Everything fucked!!! I do not deserve it. Thanks whoever you are. I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history. If you haven’t already then follow these steps to make your email address hidden - - Click Profile at the top of your browser - Under Modify Profile on the left click Account Related Settings - Make sure the circled box is ticked (example email address is not mine) https://i.ibb.co/Kr8Mp7W/1-AA2-E5-A0-1-F33-4-C6-C-B732-78-FBB5-D81158.jpg Safe surfing & fuck hackers! Title: Re: Protecting Your Account Post by: Twentyonepaylots on August 03, 2020, 08:29:15 PM Please, I can’t stress this enough, please make sure the email address set to your account is private. Oh man that was really a fucked up situation, imagine getting out of bed in the morning just to know that everything you own is gone tf. I would probably cry like a baby if that happens to me mygoodness.You may have seen what happened to BitcoinGirl.Club here - https://bitcointalk.org/index.php?topic=5266437.0 This is what I am understanding. Yesterday evening after the poker game, I was doing my usual work. At some point, I was going to check my sportsbet T-shirt update. I was looking for the email sportsbet sent so that I get the link to fill up the form. I saw three emails. One already read. The two new with the update of they are running out of the t-shirts. So I opened one of the email, checked the link and it was taking too long time to load the page. When it was annoyingly late, I closed the tab but my system seemed unexpectedly slow. It happens sometimes and I usually force close the system and restart. I did the same and then started my usual work. When I wanted to login in few of my accounts it always asked me for passwords. Nothing flagged me though. I did not had any 2nd thought. When it was late I gone to bed. Today morning when I wanted to login to bitcointalk discovered everything. Before everything else I knew I had to reset my device which I did. Now I do not have access of the email. All the accounts, exchanges, business, social media, gambling sites everything that had the email are fucked up. I am contacting each of the sites to help me changing the email addresses. I am going through a lot now. In some accounts I have money locked. This will not be a very easy ride for me. Everything fucked!!! I do not deserve it. Thanks whoever you are. I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history. If you haven’t already then follow these steps to make your email address hidden - - Click Profile at the top of your browser - Under Modify Profile on the left click Account Related Settings - Make sure the circled box is ticked (example email address is not mine) https://i.ibb.co/Kr8Mp7W/1-AA2-E5-A0-1-F33-4-C6-C-B732-78-FBB5-D81158.jpg Safe surfing & fuck hackers! This is why I'm using some alternative email addresses and I got a copy of them in an offline excel sheet, just making sure that no one else can touch it, I recommend doing this especially if you have many accounts on different website and platforms. Follow the steps on how to hide you email address in the forum, everyone is a target Title: Re: Protecting Your Account Post by: dkbit98 on August 03, 2020, 09:21:12 PM Unfortunate to see this happening.
I had some fools tried to hack my profile several times, and I made a topic for one of them: How Scammer tried to Hack my Bitcointalk and how to Protect yourself? (https://bitcointalk.org/index.php?topic=5173531) It is also good to learn more about phishing and pass few tests: [LEARN] Phishing Quizzes - Beginners & Experts (https://bitcointalk.org/index.php?topic=5178375) I would suggest anyone to avoid clicking any links in PM or in emails and double check senders address. Stay safe! Title: Re: Protecting Your Account Post by: Zicadis on August 03, 2020, 10:37:43 PM I've personally set a fake email for my account, that way even if they do discover it, it can't be used to reset my password.
If you use this method, just make sure the domain can't be bought, since that way they could just create the email and reset it that way. Something like randomemail@J.X2 would work. Basically anything that the system recognizes as a valid email domain, but isn't actually possible to buy (e.g. no such subdomain exists). Be careful using this method though. If someone gains access to your password you're completely f*cked. Title: Re: Protecting Your Account Post by: LTU_btc on August 03, 2020, 10:42:14 PM I had my email address shown public on my profile. It's not my main email, I don't use it for exchanges and other important things. But probably it's not smart to show it in public, so I just hide it after I read this post. It's not just about security - email shown in public means that will get lot of spam.
Hate to see what happened to Pamoldar. I just hope that hacker wasn't able to touch his funds on exchanges or other significant damage. Title: Re: Protecting Your Account Post by: PrimeNumber7 on August 03, 2020, 10:55:08 PM I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history. Either the setting was changed since then, their email leaked from one of many database leaks of bitcoin related services, or someone knew their email address some other way. Title: Re: Protecting Your Account Post by: sheenshane on August 03, 2020, 10:58:07 PM This is the best recommendation, hiding your email address for your account protection.
I saw BitcoinGirl.Club has a thread on gambling if I'm not mistaken that was related to T-shirt design. Probably Pam has the practice to have a notification in every thread he has and I think the notification was directly sent to your email address which that option I dont like. Why not use a telegram bot notification instead, and TryNinja was made it(the @BTTSuperNotifier_bot (https://bitcointalk.org/index.php?topic=5248878.0) ) and has a feature to notify us through telegram. I think that is safe than clicking notification through your email address used. Extra careful upon handling our accounts, treat this as one of your valuable stuff if you value your account. So far, I never change password and I never visit my email address. Title: Re: Protecting Your Account Post by: Harlot on August 03, 2020, 11:44:25 PM It was long time since I checked the hide email option but isn't this checked already as a default option when your profile is visited? If it's not then I think it is a goode idea to have hide the email option checked as default so things like this won't happen more often. It seems likein BitcoinGirl.club's case the email he was using was also their business and at the same time the email of his Bitcointalk account. So maybe for people who wanted to be contacted for marketplace purposes I think it's a good idea to use a different email not connected to any accounts so you lessen the risk of this happening.
Title: Re: Protecting Your Account Post by: The Sceptical Chymist on August 03, 2020, 11:47:59 PM Extra careful upon handling our accounts, treat this as one of your valuable stuff if you value your account. So far, I never change password and I never visit my email address. Agree with the bolded part above 100%, and that sucks nuts that BitcoinGirl.Club got hacked like that.I would probably cry like a baby if that happens to me mygoodness. I probably would as well, and it would drive me insane trying to undo whatever damage had been caused by the hack, plus I'd probably be paranoid as hell for an indeterminate amount of time. I've had my e-mail address in my BCT profile hidden for as long as I can remember, but I changed my e-mail address to a throwaway one just now. OP, I appreciate you creating this thread. Even though I was apparently safe, it's a good thing to let the community know about things like this that they might not even think twice about, especially newbies who might not be aware of how many hackers and scammers there are in the cracks and under the floorboards of the forum. Title: Re: Protecting Your Account Post by: Lafu on August 04, 2020, 01:15:00 AM Please, I can’t stress this enough, please make sure the email address set to your account is private. Yeah should be a must for every User and i have done that since i am here at the first day !Sad to hear and readed a bit of the Account that got hacked. You can also check if your email was on a data breach here : https://haveibeenpwned.com/ (https://haveibeenpwned.com/) Safe surfing & fuck hackers! I agree with you on that fully Title: Re: Protecting Your Account Post by: mikeywith on August 04, 2020, 01:27:34 AM Quote I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history. But what does this have to do with their email getting hacked? While it's wise not to reveal your email when not needed - revealing your Email address isn't a direct threat to its security. Email addresses should be hidden for privacy rather than security, Email addresses are not meant to stay private or secretly buried in your back yard, they are a just like your public key in bitcoin, your duty is PROTECT the private key/ password. Every day a few websites get hacked and hackers obtain all sort of email addresses from their databases, the chances that at least 1 hacker knows your Email address are pretty HIGH, so hiding them doesn't do much if they are not secured enough, honestly, with today's security's feature it's freaking hard to gain access to an Email address which is "mildly" secured if you use 1- A strong password 2- Multi-factor authentication 3- Different emails for different purposes Also DO NOT 1- Use a similar email password to sing-up to any forum/website. 2- Don't use unkown email provider. Title: Re: Protecting Your Account Post by: xhomerx10 on August 04, 2020, 01:42:28 AM Quote I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history. But what does this have to do with their email getting hacked? While it's wise not to reveal your email when not needed - revealing your Email address isn't a direct threat to its security. Email addresses should be hidden for privacy rather than security, Email addresses are not meant to stay private or secretly buried in your back yard, they are a just like your public key in bitcoin, your duty is PROTECT the private key/ password. Every day a few websites get hacked and hackers obtain all sort of email addresses from their databases, the chances that at least 1 hacker knows your Email address are pretty HIGH, so hiding them doesn't do much if they are not secured enough, honestly, with today's security's feature it's freaking hard to gain access to an Email address which is "mildly" secured if you use 1- A strong password 2- Multi-factor authentication 3- Different emails for different purposes Also DO NOT 1- Use a similar email password to sing-up to any forum/website. 2- Don't use unkown email provider. I think it is a direct thread in that it enables spear phishing (https://usa.kaspersky.com/resource-center/definitions/spear-phishing). People can read your posts and use that information to tailor an e-mail to you personally. If it looks familiar enough and your guard is down, you'll end up being pwned. People can use PMs to contact you here and if you really want to, you can give individuals your e-mail address as required. Title: Re: Protecting Your Account Post by: krishnaverma on August 04, 2020, 04:27:06 AM You have posted a nice suggestion for members. Those who have not done this till now should use this option but there can be workarounds to find the email even if someone hides it now.
One case I can think of is that someone is interested in hacking the profile of a particular username, he will look for all details using archive.org. Even him someone hides his details now, if he used to show email earlier, it might be revealed using that tool. There are other ways to know the email as well. One of the ways, I think I even reported to theymos few months back. Title: Re: Protecting Your Account Post by: libert19 on August 04, 2020, 05:06:32 AM Although, hidden email address helps to certain extent. The security to your email itself matters more. 2fa, strong password and try not to link mobile number to it. Sim jacking is very real.
Title: Re: Protecting Your Account Post by: OcTradism on August 04, 2020, 10:52:17 AM People usually do not pay attention on security and privacy before their account is hacked or lost. Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.0). This hack is a good lesson to attract more members to read my thread.
As far as I know, default after account creation, email is hidden. It is only be activated to show if member decide to show it. Anyhow, if people did it in the past, now they can check and hide it again. It is never too late to do so. Also, can check [Guide] How to know if your email address was part of any data breach. (https://bitcointalk.org/index.php?topic=5201569.0) I see some people who are company owner or community manager publicly shows email address. They likely beware of risks and having a strong password is one of good thing. If not, check that thread [GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0) Title: Re: Protecting Your Account Post by: fillippone on August 04, 2020, 02:17:46 PM Very nice reminder.
Security practices are always welcome, even if they look basic like this one, they might be useful for someone else: staying safe is difficult, but mainly it's a matter only to marginally increment your level of security, so that a sloppy attacker gets blocked before passing to his next customer. <...> 2- Multi-factor authentication Regarding 2FA it's always a two edged sword giving a false sense of security: there is no security advantage setting up a 2FA on your mobile while you access your website with the very same mobile. 2FA should be enabled, for critical services, on a different mobile or computer the one you are using to access such service. Regarding a true horror story: Privacy at risk using mobile phones. Not only Bitcoin-related. (https://bitcointalk.org/index.php?topic=5184282) Title: Re: Protecting Your Account Post by: LTU_btc on August 04, 2020, 09:03:31 PM I just want to add my 2
Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry. Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows. Title: Re: Protecting Your Account Post by: LFC_Bitcoin on August 05, 2020, 09:41:11 AM I just want to add my 2 Hacker was able to reach not only Bitcointalk account, but also my email too. Back then I didn't care about security much. I used average short passwords just because it's more convenient. 2FA? Why, who needs it. I just was sure that it won't happen too me because I'm not dumb and I don't visit phishing websites or click unknown links in email. But then I learned from my mistake. So, better safe than sorry. Though, even with all precautions, there is no guarantee that someone will not hack you, what story with Twitter shows. Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them. Title: Re: Protecting Your Account Post by: LTU_btc on August 05, 2020, 10:41:46 AM Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them. Fortunately, hacker wasn't able to take my money. He managed to login to one of my exchange account and tried to withdraw money. But there was SMS verification for withdrawals enabled, so it protected me from bigger problems. I still don't know how exactly he managed to hack me, where was my main mistake. But I really learned from it. Now I use strong and different passwords everywhere, have 2FA enabled and taking other precautions.Title: Re: Protecting Your Account Post by: LFC_Bitcoin on August 05, 2020, 10:59:20 AM Happy to see you learned from your mistake. Did you suffer from it financially, did they get any money off you? I’ve never been hacked but I’ve been the victim of credit card fraud 3 times now. Luckily my banks fraud department stopped 2 of them but had to wait a while to be reimbursed on one of them. Fortunately, hacker wasn't able to take my money. He managed to login to one of my exchange account and tried to withdraw money. But there was SMS verification for withdrawals enabled, so it protected me from bigger problems. I still don't know how exactly he managed to hack me, where was my main mistake. But I really learned from it. Now I use strong and different passwords everywhere, have 2FA enabled and taking other precautions.Yeah, I use nonsense passwords, I figure it’d be pretty fucking tough to get me. I use an email used for nothing else too. Title: Re: Protecting Your Account Post by: lovesmayfamilis on August 05, 2020, 12:19:19 PM It is always very difficult to admit that you could have avoided theft if you had been vigilant in advance. But it happens, you only have to learn from your mistakes.
I don’t want to be boring saying it that it could be done this way, or so. But in this case, it is really a mistake to have mail that does multiple tasks. That is, it has to do with finance and the forum. Regarding 2FA it's always a two edged sword giving a false sense of security: there is no security advantage setting up a 2FA on your mobile while you access your website with the very same mobile. 2FA should be enabled, for critical services, on a different mobile or computer the one you are using to access such service. Now the question. If I have a very good password in my mail that is difficult to crack, and I have 2FA, if I log in from another IP, I receive SMS notifications, isn't that enough? And also the mail that is tied to the forum is not used anywhere else. Title: Re: Protecting Your Account Post by: Twentyonepaylots on August 05, 2020, 07:16:52 PM Now the question. If I have a very good password in my mail that is difficult to crack, and I have 2FA, if I log in from another IP, I receive SMS notifications, isn't that enough? And also the mail that is tied to the forum is not used anywhere else. Yeah I guess having 2FA is enough for more of a security to your email, even me I use this, it sends me a notification every time I'm logging in, trying to change my password, detect unknown devices and has my 8 number code offline security. I guess this is enough for protecting your email. The email I used to this forum is protected also, it has a different sim card in my drawer for 2FA :DTitle: Re: Protecting Your Account Post by: ChiBitCTy on August 05, 2020, 09:21:35 PM Thanks for the security reminder! (Just an FYI to everyone who may not be aware, also take away any cell phone numbers you may have listed on your email accounts. This is what gives hackers the ability to sim-swap).
Title: Re: Protecting Your Account Post by: Latviand on August 06, 2020, 04:50:25 AM I've personally set a fake email for my account, that way even if they do discover it, it can't be used to reset my password. If you use this method, just make sure the domain can't be bought, since that way they could just create the email and reset it that way. This is the thing that I'm talking about, using fake email address so whenever the hackers tried to steal my email, they will become fooled by this. We all know that privacy and security is the number one thing to protect and strengthen when we use a platform such as like this forum. You are responsible with your own account so it depends on you on how will you make your security strong enough to defend yourself from those hacks and scams that may attack you out of nowhere. Just work on how you will safely access the forum without fear of losing your account, be confident and protect your account at all times. Title: Re: Protecting Your Account Post by: jademaxsuy on August 07, 2020, 03:51:17 AM I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. But, I am not that confident though to reach that rank but still it could be attainable. But I am not after for the rank, the best thing to be here in the forum is to learn from others and reading news about bitcoin. There are other users posting on successful story about bitcoin and there so much we can learn about them. Promoting projects is not really a priority but it can be like an incentives of course for letting the project pays you.
Title: Re: Protecting Your Account Post by: samputin on August 07, 2020, 07:41:02 AM After reading the op, I immediately checked whether my email address here is hidden as stated. Good thing it is 'cause it's been a long time since I checked if my email is seen in public or not. It's not the email I use for important things, though, but I prefer for it to stay hidden just to be sure. I have multiple email accounts; one email for work; another for things involving money; and another for other purposes.
Gosh. Hackers are really everywhere. Let's always stay safe, everyone. Title: Re: Protecting Your Account Post by: lovesmayfamilis on August 07, 2020, 08:22:31 AM I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. But, I am not that confident though to reach that rank but still it could be attainable. But I am not after for the rank, the best thing to be here in the forum is to learn from others and reading news about bitcoin. There are other users posting on successful story about bitcoin and there so much we can learn about them. Promoting projects is not really a priority but it can be like an incentives of course for letting the project pays you. You are brave enough, and yes, your email is visible to all users. It is possible that you can easily create a second and third account, earn merit. But you do not take into account a certain point. Each of us here on the forum values our reputation. If your account is hacked, then many fraudulent activities can occur on your behalf (for example, a recent story with Twitter) Agree, it's easier to tick a box and hide your email than to regret and prove something afterward. Title: Re: Protecting Your Account Post by: minairia3 on August 07, 2020, 11:14:23 AM I had not been protecting my account ever since and they can hack this account anytime. I have no worries about it for I can still make a new one here. Anyway, I can get merit if I wanted to even just for member in rank. e for letting the project pays you. The OP is not concern only on the account here in forum but also the security of every users by not showing off important details on the profile section that comprises of personal email, birthdate, social account displayed in the profile section. Like there is a guy who posted last few weeks almost all his personal identity so everyone warned him about his data.If you dont care about your account then thats not a good atittude. Since you made an account here, you must have a sense of responsibility to protect it even you dont like. Title: Re: Protecting Your Account Post by: FIFA worldcup on August 07, 2020, 04:38:08 PM After reading the op, I immediately checked whether my email address here is hidden as stated. Good thing it is 'cause it's been a long time since I checked if my email is seen in public or not. It's not the email I use for important things, though, but I prefer for it to stay hidden just to be sure. I have multiple email accounts; one email for work; another for things involving money; and another for other purposes. Gosh. Hackers are really everywhere. Let's always stay safe, everyone. Hackers are always there to exploit any loop holes or any negligence from us. Hiding the email will certainly prevent the hackers from accessing the account in one way. Also it has been emphasized many time to use 2fa in email and do not disclose your email address on which you have important banking or exchanges account. Title: Re: Protecting Your Account Post by: casperBGD on August 08, 2020, 09:08:22 PM thanks for sharing this, i have checked in my profile, and it was already checked, probably that is a default setting, nevertheless one should check because it is rather important to stay safe online
|
