Bitcoin Forum

Hi!

I'm not 100% sure of this yet, but it seems as if all the content of bitcointalk.org and btc-e.com would have been leaked to the net.

If this is true, lots of information (including the usernames, e-mail addresses and private forum messages) is now freely available.

A great part of the data will be in plain text - very easy for anyone with basic IT skills to sort out and make searches to.

Many will have trouble if the news is true.

Here's an email I just received, and having worked with IT security for quite some time, I'd say this is probably real.

They could of course be just trying to rip people off without actually having anything to sell.

I would not count on that, though - it's password changing time.

- Jyri
--
Altcoin.Center

================================================================================
Return-Path: <import@natcom-eg.com>

X-Original-To: xxxxx@xxxxxxxx.xxx

Delivered-To: xxxxx@xxxxxxxx.xxx

Received: from mail.xxxxxxxx.xxx (localhost.localdomain [127.0.0.1])

        by mail.xxxxxxxx.xxx (Postfix) with ESMTP id 6364B4075036

        for <xxxxx@xxxxxxxx.xxx>; Tue, 28 Oct 2014 21:53:14 +0200 (EET)

Received-SPF: none (natcom-eg.com: No applicable sender policy available) receiver=mail.xxxxxxxx.xxx; identity=mailfrom; envelope-from="import@natcom-eg.com"; helo=smtp105.iad3a.emailsrvr.com; client-ip=173.203.187.105

Received: from smtp105.iad3a.emailsrvr.com (smtp105.iad3a.emailsrvr.com [173.203.187.105])

        by mail.xxxxxxxx.xxx (Postfix) with ESMTPS id 1D1DF4075034

        for <xxxxx@xxxxxxxx.xxx>; Tue, 28 Oct 2014 21:53:11 +0200 (EET)

Received: from localhost (localhost.localdomain [127.0.0.1])

        by smtp6.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id D31A6180252;

        Tue, 28 Oct 2014 15:53:09 -0400 (EDT)

Received: by smtp6.relay.iad3a.emailsrvr.com (Authenticated sender: operation-AT-happylineagency.com) with ESMTPA id D0080180292;

        Tue, 28 Oct 2014 15:53:08 -0400 (EDT)

X-Sender-Id: operation@happylineagency.com

Received: from User ([UNAVAILABLE]. [89.223.47.197])

        by 0.0.0.0:587 (trex/5.3.2);

        Tue, 28 Oct 2014 19:53:09 GMT

Reply-To: import@natcom-eg.com

From: Bitcoins For Biz 2014<import@natcom-eg.com>

To: xxxxx@xxxxxxxx.xxx

Subject: Bitcointalk.org database.txt BTC-E Bitcoin dump.sql 64.9 MB Size WE SELL FULL DATABASE DUMP OF Bitcointalk.org + BTC-E.COM 2014                                             PVFHCBKQJS

Date: Tue, 28 Oct 2014 22:53:10 +0300

MIME-Version: 1.0

Content-Type: text/plain;

        charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 1

X-MSMail-Priority: High

X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200


WE SELL FULL DATABASE DUMP.SQL OF Bitcointalk.org + BTC-E.COM

HERE IS LIST OF WHAT WE HAVE FOR YOU.

Maybe You Ask For Why You Must Buy Dump.sql include Mails And Details Personale Users?
YOU ASK FOR WHAT?

1. Affiliate/invites
Casino/Poker/Forex Etc...

2. You Get Mails Very Big Size To Your Bussines Promotions RESULTABLE leads Target 100% Bitcoins Mails in Sql

3. You Be Make Nice Profit % Yes

you be earn multi profits
this very quality material for stable more biz to you


OVER 4+ GB OF DATA TOTAL: EMAILS, PASSWORDS, PINS, ETC FOR ALL USERS.
FULL .SQL FILE DUMP FORMAT
LEAKED BTC-E SOURCE CODE     
FULL DATABASE SQL DUMP

Bitcoins>Payment>Email->TxT/SQL/Zip

if you interest buy material in my shop

i calculate for you specific price
who interest make payment and buy for me I AM SURE 100%
THIS IN PRACTIC MY SKILL AND PROOFS IF YOU DREAM ABOUT THIS I OWNER THIS IN THIS MOMENT YES

OTHER BITCOIN EXCHANGE
 
BTC-E.COM
FULL DATABASE DUMP. EMAILS, PASSWORDS, USERS (850.000+) - 16-10-2014 *FRESH*
FULL .SQL FILE DUMP FORMAT
 
WE HACKED BTC-E; AND ASWELL WITH TRADINGS.

 
Bitcoin Address : 1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF

you interest?
Ok if you make payment i contact you and be help you
i sent back to you memo my jabber/icq details to chat individual to you if you be my client make copy sql to you

IF I SAY I MAKE
THIS MY PRINCIPIAL POSITION
I RUSSIAN
I POSITIVE IF YOU BE MY CLIENT

----------------------------------
" BTC-E.COM"
Prices (Bitcoin):
 
0.3 BTC - FULL USERDUMP ON BTC-E.COM (850.000+ USERLIST)
- Full dump on Emails, PINS, Usernames and best of all Passwords.
 
Price BTC - FULLY FUNCTIONALLY BTC-E.COM SOURCECODE + BTC-E DUMP (USERS,PASSWORDS,EMAILS,PINS)
----------------------------------
" BitcoinTalk.org "
Prices (Bitcoin):
 
0.15 BTC - FULL USERDUMP ON BitcoinTalk.org  (374602 Members+ USERLIST)
- Full dump.sql on Emails, Usernames and best of all Passwords.
 
Price BTC - BitcoinTalk.org  SOURCECODE
- If you want to buy full source code. Price is 0.15 BTC.

After You Make Payment, send us an e-mail or your Jabber to removed@Safe-mail.net with what you want and what file download locations and instructions.
When you make the payment, remember to send us an e-mail to removed@Safe-mail.net
 with the amount sent and the wallet address in which you want to receive link to download dump.sql

After you Make Payment You Get My Help 100%
Save Details Transaction And Sent Me For This Specific Mail removed@Safe-mail.net

N1 Pay [Save Your Details Transaction] Example Test i want to buy full source code. Price is 0.15 BTC.
N2 Contact Me removed@Safe-mail.net

TEAM SQL INJECTION DUMP MEGAPACK

This is a chance for you!

You Get Download Link Zip! Dump.Sql Yes

PAYMENT wallet address is BTC: 1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF

  -----------------------------to get hold of the database--------------------------------
    ----------Send 0.15 BTC to address 1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF ---------------------
    ------------------------In the description leave your mail------------------------------
    ----------------------------------------------------------------------------------------
    ----------------------------------------------------------------------------------------
    -----------------database each bitcointalk.org and btc-e.com contains 67% of decrypted passwords---------------------------
    bitcointalk, bitcoin, talk, database,mails, passwords,dumpfullforum.sql data, base,decrypted,download

Prices
1. Bitcointalk.org Price include users mails and details FullForumBackupDump.sql = 0.15 BTC

2. BTC-E.com Price BTC 0.3 Bitcoin

Easy instruction
if you business man [interest bitcoins mails and personal details for your biz or casino or affiliate]
i am give you ofer
i rus
own this sql dumps in practic

LISEN ME IN THIS MOMENT IF YOU WONT BIZ TO ME

Send [Transaction txid] txid number your individual payment details copy to this specific operator to removed@Safe-mail.net to get download link .txt after you pay.

you be make monetisation in practic

After you make payment! i am be stimul help you!
Save Transaction Details txid and value BTC
IMPORTANT: Only when you make the payment, send us an e-mail to removed@Safe-mail.net with your bitcoin wallet adress and the amount you transfered. As soon as the money arrives to our wallet we will give you order! All other emails will be ignored.

Bitcoins>Payment>Email->TxT/SQL/Zip

Send 0.15 BTC to address 1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF
 
MIRFGWJCVTKFRBHKULBTLZFJZISQOJVTLUBMED
================================================================================

Seems quite fake, just like dozens of others I've seen. This one didn't even provide a (fake) example of "stolen" data.

That is 100% fake if the got they database for both sites they would not be sending emails to random people trying to sell for that low of a amount considering the BTC-e accounts would have funds in some of them and they woulld just take them rather then selling the database.

For someone stating that has worked with IT security for some time I would expect them to realize that this looks fake, instead of considering the opposite.

This must be why there are so many forum threads about how to stay anon on this site in particular. Have these scams ever worked?

If they had all the email addresses from bitcointalk, why didn't they send that message to all of them?

I use my real email here and I didn't get such a message.   :-\

So you're saying there's only one opinion about issues like this one?

And that you know, which opinion is right, right?

May I ask, is your estimate based on actual experience or just guesswork?

Not attempting to be rude - just asking.

-j.

Well, based on the cases I've seen, it's not usually considered necessary for crackers to give that kind of proof - unless they publish all the data openly, in which case their point is not trying to make money but a statement of some kind.

To my senses the message does not seem fake. I did give that option considerable amount of time too.

Perhaps I'm wrong, which is not a problem for me. Have had to learn that skill since I do indeed make mistakes too.

-j.

I received the message to twice, sent to the same two addresses I use with my two accounts at bitcointalk.org.

-j.

EDIT: It would take a little while to send the message to all the users. That's not a "proof" of any kind but would explain why you may not received your copy yet. Please let me know if you do get one.

They don't have to post all the data, just a snippet like several usernames and their passwords, anything pretty much. Also, think about it, anyone could write up an email like this, hell, I could if I wanted (not that I do). It's really easy with some basic technical knowledge to write up some fake email claiming to have hacked a site and ask money for it.

What he probably meant to say is that he doubts your experience in IT security due to the fact that you believe a baseless email with no proof. Sadly, I have to agree.

It seems you haven't set your email as hidden so anyone can see it (including me, any forum user, random internet user), so do email sweepers.

I'm not a random person but a bitcointalk.org user.

I have two accounts registered and received two e-mails.

Considering

- how much time it would take to go through all the accounts at BTC-e

- how likely it is that heist of that type would be noticed very soon

and

- how much doing something like that would raise the chances of being caught,

I too might well go for selling the database with a cheap price to a maximum number of people.

I'm still not sure whether or not the message is fake or not, though.

-j.

I'll quote it, because you seem to have missed it:

First of all this is definitely fake. The price is way too low for the "complete dump" of these sites. Way more than 0.3 can be made from using even one users account. On the other side, maybe he doesn't want to be the one responsible for hacking, so he is selling this to someone and its untraceable.

Someone may have created a script to scrape all users from here:

https://bitcointalk.org/index.php?action=mlist

And harvest all the public email addresses (yours is set public).

I suspect it's a phish.

Yes, I did get the point of why it would make sense to publish at least something to prove the claims made.

What I'm saying is that doing so is not a de facto standard of the hacking industry, and that the lack of it does not exactly prove anything either.

It is of course very easy to just send an e-mail like that, hoping that at least someone would pay the price.

And still, that possibility does not mean that the message in question would be fake.


Your analysis matches with my guesswork as well.

However, I'd like to point out that I'm not "believing" anything, which can be clearly seen in my original post. I'm making the educated guess, based on the 15+ experience I have from the field, that the message is more probably real than fake. Even this estimate does not mean I would just blindly digest my initial analysis and start considering it a proven fact. It's an estimate, made by someone with experience, and questioned by someone of whose expertise in this area I'm not yet aware of.

You don't have to be sad for what your estimate of me or my experience is.

If I were you, I think I'd still change my password - can't loose much doing that anyways.

-j.

Yes, a harvesting script is one possibility.

And the message can be a fish.

Selling the data in a more underground manner may have already happened. ;)

It will be interesting to see how this turns out.

A rhetoric question: Should I not have made this post about the message, or should I simply have posted it out without giving any opinions of my own?

It may not be immediately obvious, but I did in fact think several times, whether or not I make this post - first of all because the message may not be real, and secondly because it's a certain way to start a flood of negative comments, which don't exactly bother me but it's still tiresome going through them, possibly ending up in an endless loop of trying to answer questions that are not even meant to be answerable.

In the previous chapter, I'm not referring to the above discussion about harvesting etc. - those are good points. Then again, the possibility of something does not exclude the existence of another, at least until there is actual and factual proof one way or the other. It should be pretty obvious soon; if the sites have really been hacked, it's not going to go unnoticed.

-j.

Bitcointalk has very decent bug bounties, see here: https://bitcointalk.org/index.php?topic=309785.0

Obtaining arbitrary PMs or password hashes would be around 24 BTC based on current prices.

Root access (since they have DB and source?) would be around 35 BTC based on current prices.

But instead they e-mail randoms asking for 0.3 BTC. Lol. SCAAAAMMMM

No worries, it's good to be overly cautious with regard security.

If you make some folk change passwords then that certainly can't hurt.

You don't need to change your handle to "Chicken Little" just yet  :D

Wow I didn't know there are bug bounties on bitcointalk and they are pretty big.

Someone has sent 0.15 btc to the address https://blockchain.info/address/1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF to the "hacker".

If they had hacked bitcointalk don't you think they would I have posted under multiple high member accounts to advertise? Post under people like theymos, Satoshi?

That would be the best way of proving it.

Yeah. I agree with that. It would make more sense than selling it for 0.15. They would've earned much more than that by using higher level accounts.

its just a fake
they are trying to scam people with fake info
if someone really hacked then he will sell this info for 0.15 BTC
never

it worth much more then this

It's totally fake. I wouldn't worry about it, there's plenty of people on the internet trying to scam you out of your Bitcoins.

When I read the first post I thought:

Are you kidding me ? It is obvious this is only a scam .

Still nothing.   :-\   I think your public email address is the cause, not a hack.

I got this email in my spam folder too, sent to my private email address which I used to signup for this user account.
Found this pastebin(http://pastebin.ca/2865842) which lead me to here.

I just checked to see if my email was public and it seems I already did hide it when I signed up.

So it wasn't only sent to users with their email addresses set to public.

I just checked 3 emails listed in the pastebin.
1 email was registered and public
the 2 others didn't return any results. Could be hidden though