Title: I forget, was there an email db leak for this forum?
Post by: TheButterZone on September 03, 2023, 09:35:08 AM

I just got a phishing spam, and as I was viewing the source prior to reporting it to ISPs, I saw a bunch of instances of "bitcointalk" before the @ sign in the To: email addresses. Ended up finding 7 by text search. So it seems these people were using site-specific email addresses; would be weird if they added "bitcointalk" for any other website...

Oop, yes there was https://haveibeenpwned.com/PwnedWebsites#BitcoinTalk & I checked all of them, they all matched as pwned from 2015. Nevermind...

Title: Re: I forget, was there an email db leak for this forum?
Post by: PrimeNumber7 on September 03, 2023, 10:34:13 AM

Yes, one of the prior hacks of the forum leaked the members table, which includes the email address associated with each forum account at the time

Title: Re: I forget, was there an email db leak for this forum?
Post by: hosseinimr93 on September 03, 2023, 11:19:18 AM

There was an attack in 2011 in which the hacker gained administrative access to the forum. For more information about that attack, visit the topic created by theymos.
Info about the recent attack (https://bitcointalk.org/index.php?topic=42572.0)

There was also another attack which happened in 2013 and the attacker may have gained access to email addresses.
About the recent attack (https://bitcointalk.org/index.php?topic=306878)

Title: Re: I forget, was there an email db leak for this forum?
Post by: DYING_S0UL on September 03, 2023, 11:22:52 AM

It was mainly because of the attack of 2011 & 2013 where Bitcointalk data got leaked.

Title: Re: I forget, was there an email db leak for this forum?
Post by: Mr.right85 on September 03, 2023, 11:54:23 AM

There was an attack in 2011 in which the hacker gained administrative access to the forum. For more information about that attack, visit the topic created by theymos.

Having to be reminded of these series of attacks haven’t taken place in about 3 occasions based on discoveries on this thread, it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

Info about the recent attack (https://bitcointalk.org/index.php?topic=42572.0)

There was also another attack which happened in 2013 and the attacker may have gained access to email addresses.
About the recent attack (https://bitcointalk.org/index.php?topic=306878)

What were the possible entry point for these hackers and What was put in place to prevent future occurrences? Seems probable accounts remains accounts within the 2011/2015 time frame for now. Even then, Bitcointalk haven’t gotten more recognition or interest in the minds of most, how about now!

Title: Re: I forget, was there an email db leak for this forum?
Post by: LoyceV on September 03, 2023, 02:01:30 PM

it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

Nothing is completely safe. I guess you needed the wake-up call.

Title: Re: I forget, was there an email db leak for this forum?
Post by: dzungmobile on September 03, 2023, 02:06:08 PM

It was mainly because of the attack of 2011 & 2013 where Bitcointalk data got leaked.

The forum was hacked three times, not two times, in 2011, 2013 and 2015.
Details in Bitcointalk history of hacks and vandalism (https://bitcointalk.org/index.php?topic=4405796.0)

Title: Re: I forget, was there an email db leak for this forum?
Post by: elevates on September 03, 2023, 02:29:30 PM

I was so surprised to read that user email address got compromised back in those days.

In the time of AI and what not, does anyone think that the forum should think about forum version upgrade? I am not a software engineer but I can relate to issues that can come up in the future. For example there is a dedicated thread to detect AI written content. Whereas the mods are still trying to understand such a content's uniqueness. In the end it would be simple to compile a reason.

Title: Re: I forget, was there an email db leak for this forum?
Post by: PX-Z on September 03, 2023, 03:57:51 PM

So it means you didn't change your email since 2015? Even after the hack? Theymos made a reminder to change account's password coz users might receive future spam phishing mails.

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.

Title: Re: I forget, was there an email db leak for this forum?
Post by: Nwada001 on September 03, 2023, 08:00:32 PM

Some questions are really relevant to a few people like me who are not that old of a member and have not come across some threads that have detailed information regarding some things in the forum past the security bridge, as this has added to the little knowledge I have. Even if I have come across some of the forum details threads, I have not really read this email leakage part.

Leak or no leak I just prepare myself to receive emails from any scammer, provided that I have registered the email someplace. That's why it's good to register some things with just a specific email so that when you get some kind of mail, you know it's spam without even opening it, as you were not even expecting them in the first place.

Title: Re: I forget, was there an email db leak for this forum?
Post by: franky1 on September 03, 2023, 09:51:41 PM

im not worried about the leak. funnily enough i use many email addresses. and the ones for here doesnt get much spam

yet another i used for a popular exchange gets like 12 spam emails a day.. and its a regulated exchange with all the certification of top security...

.. the problem is you are more likely to get scam and spam mail from services that sell your data.. not hacked services

the main reason is, if companies are paying for data, they will want ROI on their investments so are more likely to try selling you things you never asked for

a few tricks to learn

have several email addresses. mainly used for specific services only. that way you can narrow down the possible sources of who gave out your email.

if the spam gets too much, because its not affiliated with other services. you can easily change email with that one service and just abandon that email address

Title: Re: I forget, was there an email db leak for this forum?
Post by: libert19 on September 04, 2023, 03:36:18 AM

My email was leaked in 2015 bitcointalk hack (previous account), and countless other platforms even then I don't receive much spam. I personally don't think having spam mails is a big deal, spam mails in most cases are obvious, and they giveaway so with their titles, you don't even have to open them.
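
Added example, not part of any post in this thread: the site-specific address approach that TheButterZone and franky1 describe can be automated by scanning the recipient headers of saved spam for addresses whose local part carries a service name. The service list, the header set and the sample messages below are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Hypothetical service names; list the sites you created aliases for.
SERVICES = ("bitcointalk", "exchange", "shop")
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

# Constructed sample messages (example.* domains), not real spam.
SAMPLE_MAIL = [
    "From: support@wallet-alerts.example\n"
    "To: alice+bitcointalk@example.org, bitcointalk.bob@example.net,\n"
    " carol@example.com, Dave <dave_bitcointalk@example.org>\n"
    "Subject: Verify your wallet\n\nbody\n",
    "From: promo@deals.example\n"
    "To: me+exchange@example.org\n"
    "Delivered-To: me+exchange@example.org\n"
    "Subject: Offer\n\nbody\n",
]


def service_tag(address, services=SERVICES):
    """Return the service name embedded in the local part, or None."""
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return None
    for name in services:
        # Match the name only when it is not part of a longer word,
        # so "shop" does not fire on "bishop".
        if re.search(rf"(?<![a-z]){re.escape(name)}(?![a-z])", local):
            return name
    return None


def attribute_leaks(raw_messages, services=SERVICES):
    """Map service name -> sorted unique recipient addresses with that tag."""
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        values = [v for h in RECIPIENT_HEADERS for v in msg.get_all(h, [])]
        for _display, addr in getaddresses(values):
            tag = service_tag(addr, services)
            if tag:
                hits[tag].add(addr.lower())
    return {tag: sorted(addrs) for tag, addrs in hits.items()}


if __name__ == "__main__":
    for tag, addrs in attribute_leaks(SAMPLE_MAIL).items():
        print(f"{tag}: {len(addrs)} tagged recipient(s): {', '.join(addrs)}")
```

A cluster of recipients sharing one tag in a single message points at that service's member list as the source, which can then be checked against a breach index such as the haveibeenpwned entry linked in the first post.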

Title: Re: I forget, was there an email db leak for this forum?
Post by: Lucius on September 04, 2023, 01:12:49 PM

The forum was hacked three times, not two times, in 2011, 2013 and 2015.
Details in Bitcointalk history of hacks and vandalism (https://bitcointalk.org/index.php?topic=4405796.0)

I also thought that it was hacked only twice, because this is the first time I found out that the first hacking happened back in 2011, and it seems to me that maybe the biggest damage was done then, if we take into account that no one noticed the hack even 6 days, and that the hacker took over the Satoshi account. Fortunately, it was still the early days of the forum, because if something like that were to happen today, it would create a real circus.

The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.

Title: Re: I forget, was there an email db leak for this forum?
Post by: joker_josue on September 04, 2023, 06:51:45 PM

My email was leaked in 2015 bitcointalk hack (previous account), and countless other platforms even then I don't receive much spam. I personally don't think having spam mails is a big deal, spam mails in most cases are obvious, and they giveaway so with their titles, you don't even have to open them.

Totally agree. And I don't remember receiving spam that has any reference to the forum. What could have happened is that the email entered some database, and they received spam - which I don't even see - about some other subject. Personally, I am extremely selective about opening an email, even more so when clicking on a link.

Title: Re: I forget, was there an email db leak for this forum?
Post by: digaran on September 06, 2023, 04:35:40 AM

IMO, the only reason for all the hacks were to obtain information about satoshi and a few others directly in contact with him.

Title: Re: I forget, was there an email db leak for this forum?
Post by: robelneo on September 06, 2023, 05:24:27 AM

Having to be reminded of these series of attacks haven’t taken place in about 3 occasions based on discoveries on this thread, it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

Quote
What were the possible entry point for these hackers and

There is no one process, it could be social engineering, software exploitation, or brute force attack, in the case of SMF there is modification software to enhance security, and since the version is one of the oldest versions they can modify the source to enhance security.

What was put in place to prevent future occurrences?

Title: Re: I forget, was there an email db leak for this forum?
Post by: scorrem on September 06, 2023, 09:09:15 AM

This hack must be responsible for lot of hacked high rank accounts which were meant to be sold. But merit system broke the heart of these hackers and sellers.

Title: Re: I forget, was there an email db leak for this forum?
Post by: libert19 on September 09, 2023, 11:57:28 AM

This hack must be responsible for lot of hacked high rank accounts which were meant to be sold. But merit system broke the heart of these hackers and sellers.

How? People got merit airdropped according to their rank when merit system was implemented.

Title: Re: I forget, was there an email db leak for this forum?
Post by: Zenp on September 09, 2023, 12:34:50 PM

I was reminded of a phishing attempt warning email I received on June 2, 2016 as my email was registered with bitcointalk in 2015.

This attempt might've been from the email db leak from 2011 or 2013 that others have mentioned. I can say this because I didn't actually receive the phishing attempt email, but only a warning of it from Kraken:

https://i.ibb.co/mTDSC2z/Kraken.png (https://ibb.co/H4FXDbg)

Here is the link to the reddit post: https://www.reddit.com/r/Bitcoin/comments/4m3op0/psa_phishing_attempts_reported_today_kraken_re/

Some users on the reddit post also mentioned that they did not receive the phishing attempt email. My guess is because they registered between 2013 and 2016, and their data was not leaked, and as such did not receive the phishing attempt.