|
Title: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 14, 2017, 07:32:06 PM Have you noticed the growing number of hacked accounts reported? The hacker is asking fubly for bitcoin to return his account, saying he bought the account for twice the price he is asking from fubly, here https://bitcointalk.org/index.php?topic=1702720.0 Where else have i seen that happen recently, oh yes, GreenBits account here, https://bitcointalk.org/index.php?topic=1785972.40 Or ashapasa's account, turned into a slave account alongside nine other hacked accounts i identified here. (all wearing same sig, getting paid?) https://bitcointalk.org/index.php?topic=1821083.msg18157257#msg18157257 One of those accounts is getting fake credibility here, https://bitcointalk.org/index.php?topic=1823355.msg18174976#msg18174976 I even had a hacked account, JohnybBigs, troll me, giving trust to Lauda and Timelord2067 to endear itself to those members, hell, even the OP of that thread is probably hacked here https://bitcointalk.org/index.php?topic=1733765 Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 This hack has been anticipated for a while now, do admin have a planned response? Are admin doing anything about this problem? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: 0xfff on March 14, 2017, 07:42:44 PM This is a very serious issue. Admins should tell us how these people get hacked.
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousandco on March 14, 2017, 07:47:28 PM As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it.
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 14, 2017, 07:56:12 PM As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it. Obviously, dormant or unused accounts will likely not have changed their passwords. That is why i ask "This hack has been anticipated for a while now, do admin have a planned response?" The standard answer, nothing can be done. There is plenty that could be done, even at this late stage. Do you have any figures or guesstimates on hacked account numbers? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousandco on March 14, 2017, 08:07:46 PM I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't.
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: NOP@SSWORD on March 14, 2017, 08:12:08 PM Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.
Edit: Quote Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Most of those accounts are newbies. What are the benefits of hacking newbies? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on March 14, 2017, 08:33:50 PM I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I've noticed a surge of dormant accounts joining in Bitmixer, all of them shitposting and most of them having the same/similar posting patterns (e.g. inactive since X month, start posting after Y date). I think the OP is at least somewhat correct with his statement. Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again. Doubtful that account farmers activate only when there is Bitcoin news around. ::)Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: NOP@SSWORD on March 14, 2017, 08:56:36 PM I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I've noticed a surge of dormant accounts joining in Bitmixer, all of them shitposting and most of them having the same/similar posting patterns (e.g. inactive since X month, start posting after Y date). I think the OP is at least somewhat correct with his statement. Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again. Doubtful that account farmers activate only when there is Bitcoin news around. ::)I mean the bitcoin price is enough to motivate them to posts again. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 14, 2017, 10:14:49 PM Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again. Edit: Quote Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Most of those accounts are newbies. What are the benefits of hacking newbies? No. real owners do not log in in rota. When hacking, you take what you get? Did you read this thread from op, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Then did you spend more than 5 minutes looking into this? Added - I'll bring the link here for clarity, https://bitcointalk.org/index.php?action=profile;u=9000 jakeroxs 0 post November 24, 2016, 08:47:41 AM https://bitcointalk.org/index.php?action=profile;u=9003 Micro333 0 post February 19, 2017, 01:18:36 PM https://bitcointalk.org/index.php?action=profile;u=9005 Qrr 2 post February 19, 2017, 01:28:59 PM https://bitcointalk.org/index.php?action=profile;u=9009 Trance555 0 post February 19, 2017, 01:28:07 PM https://bitcointalk.org/index.php?action=profile;u=9011 twadsworth 0 post February 19, 2017, 01:16:27 PM https://bitcointalk.org/index.php?action=profile;u=9012 FictionWobbles333 0 post February 19, 2017, 01:27:05 PM https://bitcointalk.org/index.php?action=profile;u=9013 MoodFool333 0 post February 19, 2017, 01:28:08 PM https://bitcointalk.org/index.php?action=profile;u=9014 marish 0 post February 19, 2017, 01:38:06 PM https://bitcointalk.org/index.php?action=profile;u=9015 BlackRunner111 0 post February 19, 2017, 01:15:55 PM https://bitcointalk.org/index.php?action=profile;u=9016 jhallsworth 0 post February 19, 2017, 01:28:12 PM https://bitcointalk.org/index.php?action=profile;u=9020 carter 0 post February 19, 2017, 01:20:13 PM Funny how the price drove 10 of 20 consecutive, really old accounts, who have never posted in years, to all log in on Feb 19, all at 1 o'clock, then not since, don't you think? You will find many, many more Feb 19 hacked accounts, if you have the time to look. Did you see https://bitcointalk.org/index.php?action=profile;u=9183 A nice moving avatar, that will have some value. I hope you give me some credit for my account analysis. I have studied many more than you. many orders of magnitude. Try 9119, 9142, 9158, 9163, 9171, 9190, 9194. You will either have to do more study or take my word for it. Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: NOP@SSWORD on March 15, 2017, 12:35:00 AM Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again. Edit: Quote Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Most of those accounts are newbies. What are the benefits of hacking newbies? No. real owners do not log in in rota. When hacking, you take what you get? Did you read this thread from op, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Then did you spend more than 5 minutes looking into this? Added - I'll bring the link here for clarity, https://bitcointalk.org/index.php?action=profile;u=9000 jakeroxs 0 post November 24, 2016, 08:47:41 AM https://bitcointalk.org/index.php?action=profile;u=9003 Micro333 0 post February 19, 2017, 01:18:36 PM https://bitcointalk.org/index.php?action=profile;u=9005 Qrr 2 post February 19, 2017, 01:28:59 PM https://bitcointalk.org/index.php?action=profile;u=9009 Trance555 0 post February 19, 2017, 01:28:07 PM https://bitcointalk.org/index.php?action=profile;u=9011 twadsworth 0 post February 19, 2017, 01:16:27 PM https://bitcointalk.org/index.php?action=profile;u=9012 FictionWobbles333 0 post February 19, 2017, 01:27:05 PM https://bitcointalk.org/index.php?action=profile;u=9013 MoodFool333 0 post February 19, 2017, 01:28:08 PM https://bitcointalk.org/index.php?action=profile;u=9014 marish 0 post February 19, 2017, 01:38:06 PM https://bitcointalk.org/index.php?action=profile;u=9015 BlackRunner111 0 post February 19, 2017, 01:15:55 PM https://bitcointalk.org/index.php?action=profile;u=9016 jhallsworth 0 post February 19, 2017, 01:28:12 PM https://bitcointalk.org/index.php?action=profile;u=9020 carter 0 post February 19, 2017, 01:20:13 PM Funny how the price drove 10 of 20 consecutive, really old accounts, who have never posted in years, to all log in on Feb 19, all at 1 o'clock, then not since, don't you think? You will find many, many more Feb 19 hacked accounts, if you have the time to look. Did you see https://bitcointalk.org/index.php?action=profile;u=9183 A nice moving avatar, that will have some value. I hope you give me some credit for my account analysis. I have studied many more than you. many orders of magnitude. Try 9119, 9142, 9158, 9163, 9171, 9190, 9194. You will either have to do more study or take my word for it. Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin. In your example above seems it is own by one owner, I think he is checking his accounts. Look at the pattern of 3 numbers after the word and the "worth" word added at the end. It is not coincidence. Micro333 Trance555 FictionWobbles333 MoodFool333 BlackRunner111 twadsworth jhallsworth Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: BTCBLOGGER on March 15, 2017, 01:56:28 AM I remember there was an incident happened when a Ponzi mining site cloudminr leaked its data [username, password] for btc at that time many accounts were hacked and I'm able to restore few of them and the grtthegreat was the one of them. someone is trying to sell it but before that i logged into that account and helped him to get his account back at that time I also takeover some accounts but no one claimed that back from me.
I still have those accounts and waiting for their owners to get them back. https://bitcointalk.org/index.php?topic=1120107.msg11864925#msg11864925 https://bitcointalk.org/index.php?topic=1120052.msg11864392#msg11864392 can i sell them if no one claims them back? ;D Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: DomainMagnate on March 15, 2017, 11:09:25 AM As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it. The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose. This message keeps people away from trading with such users. I hope this feature is not available in new forum. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: minifrij on March 15, 2017, 11:15:59 AM The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose. It doesn't stop you doing anything. So long as you can sign a message from an old staked address there is no reason why you shouldn't be able to change your password.This message keeps people away from trading with such users. I hope this feature is not available in new forum. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: BitHodler on March 15, 2017, 02:09:12 PM The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose. It doesn't stop you doing anything. So long as you can sign a message from an old staked address there is no reason why you shouldn't be able to change your password.This message keeps people away from trading with such users. I hope this feature is not available in new forum. From there it will be very difficult to know whether or not you're really dealing with the person you are supposed to deal with. Especially when the account has been kept active in the exact same manner it was before the sale. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: erpbridge on March 15, 2017, 10:33:07 PM As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it. Was this because of the cloudfare breach or the breach that happened last year ? I remember seeing a list of accounts that was hacked last year, was there another one after that ? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: minifrij on March 15, 2017, 10:57:15 PM But in case of account sales, nowadays accounts get sold with the private keys connected to the staked address. That's a problem with the forum's policy on account sales. There is little else you can do other than ask for some other information only the original owner would know (E.G a dox). This relies on the previous owner being something other than an account farmer though, which could prove to be difficult.From there it will be very difficult to know whether or not you're really dealing with the person you are supposed to deal with. Especially when the account has been kept active in the exact same manner it was before the sale. Was this because of the cloudfare breach or the breach that happened last year ? I remember seeing a list of accounts that was hacked last year, was there another one after that ? No. The breach on Bitcointalk happened in May 2015 IIRC, and was a result of an internal problem with the hosting provider. I don't believe that Bitcointalk has ever used Cloudflare.Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: achow101 on March 16, 2017, 12:09:02 AM It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.
Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse. Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 18, 2017, 01:17:19 PM Most of those accounts are newbies. What are the benefits of hacking newbies? Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading. https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586 No. real owners do not log in in rota https://bitcointalk.org/index.php?action=profile;u=9000 jakeroxs 0 post November 24, 2016, 08:47:41 AM https://bitcointalk.org/index.php?action=profile;u=9003 Micro333 0 post February 19, 2017, 01:18:36 PM https://bitcointalk.org/index.php?action=profile;u=9005 Qrr 2 post February 19, 2017, 01:28:59 PM https://bitcointalk.org/index.php?action=profile;u=9009 Trance555 0 post February 19, 2017, 01:28:07 PM https://bitcointalk.org/index.php?action=profile;u=9011 twadsworth 0 post February 19, 2017, 01:16:27 PM https://bitcointalk.org/index.php?action=profile;u=9012 FictionWobbles333 0 post February 19, 2017, 01:27:05 PM https://bitcointalk.org/index.php?action=profile;u=9013 MoodFool333 0 post February 19, 2017, 01:28:08 PM https://bitcointalk.org/index.php?action=profile;u=9014 marish 0 post February 19, 2017, 01:38:06 PM https://bitcointalk.org/index.php?action=profile;u=9015 BlackRunner111 0 post February 19, 2017, 01:15:55 PM https://bitcointalk.org/index.php?action=profile;u=9016 jhallsworth 0 post February 19, 2017, 01:28:12 PM https://bitcointalk.org/index.php?action=profile;u=9020 carter 0 post February 19, 2017, 01:20:13 PM Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin. In your example above seems it is own by one owner, I think he is checking his accounts. Look at the pattern of 3 numbers after the word and the "worth" word added at the end. It is not coincidence. Micro333 Trance555 FictionWobbles333 MoodFool333 BlackRunner111 twadsworth jhallsworth I agree this example does possibly show a bunch of farmed accounts, However they are still hacked. If you continue clicking through u=# from 9020, you will keep finding time rota Feb 19 log-in accounts. What of " https://bitcointalk.org/index.php?action=profile;u=9183 A nice moving avatar" is he no hacked, just "the farmer checking in"? Did you read/understand this previous link https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 Quote All Feb 19 accounts (shown here) "reactivated" within 25 minutes. (there is a shed load of other feb 19 "reactivations" elsewhere, look at u=2000 - 2020 @11.00am, or u=3000 onward @11.30am, or u=4000 onward @11.45am, or u=7000 onward @ 12.00pm, or u=8000 onward @1.15pm for example, a clear timeline pattern) - edited for more clarity. Can you see the connection to all these other accounts log-in in time rota? (you will have to do some clicking) ---------------- It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database. Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse. Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk. Either someone has "got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts " or it is an inside job. "Another possibility is that some site Bitcoin related was hacked.." that is highly unlikely to account for the mass "systemic hack" we are seeing here. "Unfortunately the forum can't really do much" Same as hilarious said. Several hundred thousand accounts "systemically hacked" - admin do not even respond. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousandco on March 18, 2017, 01:43:01 PM Most of those accounts are newbies. What are the benefits of hacking newbies? Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading. https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586 That boomin guy is the latest (caught) alt of MariusTi aka steamproject aka tberty aka Dorkslayz etc etc who uses an army of dozens of alts to fake vouch or spam bump his threads of torrent invites (and he's probably had around a 100 banned). He either has a massive stockpile of them or buys them from account sellers but I'm more inclined to believe that he has just farmed/created them himself as there's a lot that were just used to make one or two posts to bump/vouch for his thread then discarded, though some of the older ones recently came back to life and started selling the torrent invites when a lot of his other accounts got found out and banned. This behaviour with him has been going on for years with him and not just on this forum either as he's been banned from numerous forums and never learns. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 18, 2017, 03:26:34 PM Most of those accounts are newbies. What are the benefits of hacking newbies? Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586 So you basically just agree that hacking (old) newbie accounts do have benefits for scammer's, and illustrating those benefits to scammer's. Steamproject ran his thread nearly 2 years on bct. What exactly was he supposed to "learn" from that? If he "just farmed/created them himself" he must have been around since July 31, 2010, 07:44:15 PM https://bitcointalk.org/index.php?action=profile;u=657 Weather or not Steamproject farmed those accounts himself or hacked them or bought them is a different topic, probably known alts thread. The fact remains that hundred's of thousands of accounts are "hacked" by someone. bct members are left in the dark over the scale of this, while mods say there is nothing that can be done, admin haven't even responded. ------added I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't. I should respond here too. You have no idea how many accounts have been compromised, Yet somehow "auto conclude" i'm wrong? You compare "auto locked" accounts with "systemically hacked" account's, but they are not hacked in the same way. (afaik) Security question accounts are by default "locked out" till staff action, while systemically (password) hacked accounts are by default "allowed in" until staff action? You go on about those "auto locked" members weeping like widows, when many have clear proof but still have to wait for months for any action to be taken, then use the damnation of your (staff/admin) inaction's on restoring those few "auto locked" accounts as reason why you can't do anything about 100,000's of completely differently identifiable "systemically (password) hacked" accounts. Correct? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Iranus on March 18, 2017, 04:21:23 PM Most of those accounts are newbies. What are the benefits of hacking newbies? Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586 So you basically just agree that hacking (old) newbie accounts do have benefits for scammer's, and illustrating those benefits to scammer's. Steamproject ran his thread nearly 2 years on bct. What exactly was he supposed to "learn" from that? If he "just farmed/created them himself" he must have been around since July 31, 2010, 07:44:15 PM https://bitcointalk.org/index.php?action=profile;u=657 Weather or not Steamproject farmed those accounts himself or hacked them or bought them is a different topic, probably known alts thread. The fact remains that hundred's of thousands of accounts are "hacked" by someone. bct members are left in the dark over the scale of this, while mods say there is nothing that can be done, admin haven't even responded. I suppose the main problem is the security breach from a while ago, which people are now exploiting because these dormant users never managed to change their passwords as they haven't been on this forum for a long time. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 18, 2017, 04:58:30 PM Nearly all of these accounts probably are hacked, but one of the key problems is that the forum is very hands-off so they're faced with the dilemma of finding out how to prove that these accounts are hacked without intruding on people's privacy. It must be pretty difficult. I suppose the main problem is the security breach from a while ago, which people are now exploiting because these dormant users never managed to change their passwords as they haven't been on this forum for a long time. You agree on my figures (roughly) but you understand the dilemma facing admin? It's quite easy to prove really, once you understand the relationship between uid#/reactivation time, and other things. The inaccuracy rate would be tiny. Admin could easily do this. Just like my 500+ list of (obvious to me and admin) farmed accounts where the inaccuracy rate is zero, as far as i know. But admin refuse to acknowledge that either, which is great for you as you are a farmed "Alphabet account". 1 of several hundred alphabet accounts. https://bitcointalk.org/index.php?topic=1670807.0 Your opinion is manufactured and worthless. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousandco on March 19, 2017, 11:17:35 AM Most of those accounts are newbies. What are the benefits of hacking newbies? Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586 So you basically just agree that hacking (old) newbie accounts do have benefits for scammer's, and illustrating those benefits to scammer's. I'm not sure what the benefits of hacking a zero or one post newbie account are, but he has or had a very large stockpile of newbie accounts he created himself to do his shilling. See these ones: https://bitcointalk.org/index.php?action=profile;u=895304 kusmaki https://bitcointalk.org/index.php?action=profile;u=895247 gherghina https://bitcointalk.org/index.php?action=profile;u=393051 alpitvraj https://bitcointalk.org/index.php?action=profile;u=889079 paraneens https://bitcointalk.org/index.php?action=profile;u=886523 Belvoir https://bitcointalk.org/index.php?action=profile;u=918902 chanway https://bitcointalk.org/index.php?action=profile;u=794655 arnold447 https://bitcointalk.org/index.php?action=profile;u=225107 clappen https://bitcointalk.org/index.php?action=profile;u=213095 iceker https://bitcointalk.org/index.php?action=profile;u=187976 Lala https://bitcointalk.org/index.php?action=profile;u=412652 Brucee https://bitcointalk.org/index.php?action=profile;u=501113 apostolis21 https://bitcointalk.org/index.php?action=profile;u=500285 mario23 https://bitcointalk.org/index.php?action=profile;u=406115 Gotcha007 https://bitcointalk.org/index.php?action=profile;u=503564 Tigarete https://bitcointalk.org/index.php?action=profile;u=505675 vikingur https://bitcointalk.org/index.php?action=profile;u=507216 AmericanTH https://bitcointalk.org/index.php?action=profile;u=507493 petrov https://bitcointalk.org/index.php?action=profile;u=507854 frenchois https://bitcointalk.org/index.php?action=profile;u=508604 Deutch87 https://bitcointalk.org/index.php?action=profile;u=508979 PierreAllan https://bitcointalk.org/index.php?action=profile;u=509715 igorenko https://bitcointalk.org/index.php?action=profile;u=539438 pascqul https://bitcointalk.org/index.php?action=profile;u=539792 cats2dogs https://bitcointalk.org/index.php?action=profile;u=539970 scultz23 https://bitcointalk.org/index.php?action=profile;u=542073 btyanoneal https://bitcointalk.org/index.php?action=profile;u=544562 billkanty https://bitcointalk.org/index.php?action=profile;u=543385 chenzu https://bitcointalk.org/index.php?action=profile;u=542662 barbugeala https://bitcointalk.org/index.php?action=profile;u=548576 doitch2 https://bitcointalk.org/index.php?action=profile;u=549093 harryson2 https://bitcointalk.org/index.php?action=profile;u=553241 bigarmny https://bitcointalk.org/index.php?action=profile;u=553521 Moris2pane https://bitcointalk.org/index.php?action=profile;u=660431 mariutzko https://bitcointalk.org/index.php?action=profile;u=662643 gasparpop https://bitcointalk.org/index.php?action=profile;u=794655 arnold447 https://bitcointalk.org/index.php?action=profile;u=793362 gigarsfree https://bitcointalk.org/index.php?action=profile;u=773056 poponautu Most were just used once to make a bump of his thread then discarded but once he had his main accounts banned some of them suddenly returned back to life and he started selling with those ones. Steamproject ran his thread nearly 2 years on bct. What exactly was he supposed to "learn" from that? He wasn't caught until recently and it was his inability to not follow the marketplace rules repeatedly that kept getting him into trouble. When he gets banned for the behaviour he just comes back on more alts and does the same and seems to have done this on multiple forums. I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't. I should respond here too. You have no idea how many accounts have been compromised, Yet somehow "auto conclude" i'm wrong? I'm not sure where you get the figure of 'hundreds of thousands' of accounts have been hacked from as it seems exaggerated but if you can provide evidence of that then I'll happily admit I'm wrong but the exact figure seems beside the point. You compare "auto locked" accounts with "systemically hacked" account's, but they are not hacked in the same way. (afaik) Security question accounts are by default "locked out" till staff action, while systemically (password) hacked accounts are by default "allowed in" until staff action? I'm not saying they are hacked in the same way but the outcome is still the same and staff can't win. How can we do anything about accounts that are not yet hacked? People were told to change their account passwords and if they didn't for whatever reason then their accounts are at risk but if they had a very strong password then they'd very likely be fine. What are you suggesting we do? Lock all accounts that haven't changed their passwords since the hack or if they haven't posted after x amount of time? If certain accounts are locked as a precautionary measure then what happens when the original owner can't prove that it belongs to him? Then he cries at the forum for unnecessarily doing this to his account. I'm not sure what you would like the admins to do but if you've got a foolproof plan I'd love to hear it. You go on about those "auto locked" members weeping like widows, when many have clear proof but still have to wait for months for any action to be taken, then use the damnation of your (staff/admin) inaction's on restoring those few "auto locked" accounts as reason why you can't do anything about 100,000's of completely differently identifiable "systemically (password) hacked" accounts. Correct? If it takes months to restore accounts now then what do you expect when there's (in your words) hundreds of thousands to restore? Only admins can restore accounts and there's nothing that regular staff can do about it. Yeah, there should be another admin or two to deal with account recoveries and finding alts or whether but that's something only theymos can act on. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 19, 2017, 02:36:30 PM Hilarious, thanks for the reply. I dropped the quote, it was getting to long. I will try to answer the most relevant points best i can. (thanks for the list, but i think that has run it's course here, it has little more to add here beyond my using to show 0 post hacked accounts being utilised to scam?) Are admin even interested in doing anything, no response here? (or elsewhere) Is it unreasonable to expect a response on this subject? 1 The problem Upward of 100,000 accounts hacked, no admin response, mods say nothing can be done. Why does it take months to restore accounts, even when "proven" through official guidelines? Without any admin action, the hacker has the upper hand by default of present ownership, where as real (hacked) account owners need to "prove" themselves. 2 Why do anything about it I admit i do not know the true figure of hacked accounts, and agree the exact figure is beside the point, but the figure is massive. I was hoping admin would at least try to clarify. I'm happy to edit the title down to 100,000 hacked accounts if admin assure me that is much more accurate. 3 admin/mod workload Weather admin lock hacked accounts or leave them in the hackers control, staff workload should not be affected. Any real account holder who finds they are either hacked or locked will have to report to admin to regain control. That will not translate into 100,000's of cases to deal with, only a (very) small % of accounts will genuinely be reclaimed. Many of these hacked accounts are years old, have been dormant for "years", or have never posted. Almost none of these would be genuinely reclaimed, and certainly not all at the same time. But these cases where real people reclaim their accounts will occur either way. Therefore, if these accounts were locked by admin, only the hacker would lose, in most cases. (many thousand of hacked accounts will not need moderating, therefore making time other saving for mods/admin?) If the "real" owner cannot "prove" they own the account, then it is lost. That is true weather admin have locked their account or their account is hacked. In those cases, isn't it clearly better no one has the account, rather than the hacker keeps them all by default. Admin could, considering this problem, be more lenient in allowing "other reasonable" evidence's of ownership, if they wish to facilitate faster repatriation. 4 how to stop it. From what i have seen, which is very limited, the hacked accounts are easily identifiable. Admin should find identifying the vast majority of these hacked accounts no problem. I have previously explained how to find them. A programme could easily be written by admin. When dealing with (even) 100,000 accounts as we are surely seeing here, (awaiting confirmation) they are not "individually" controlled. they necessarily act en mass. That rather helpfully means they leave an activity trail en mass, and can be identified, beyond reasonable doubt in almost all cases, en mass. Without going into every detail, i can assure you that simply saving snapshots of user base activity would create evidence that could be refered to any time in the future. The evidence is the u=#/last active time. (please ask if you need more info, but admin should be able to answer questions equally well) (It would be at least nearly as accurate as my "farmed account" detection accuracy, which is about 100% accurate as far as i am aware) Admin must download all member info NOW, (if not done already) then periodically from now. (just as i asked admin to do, but declined, to help me find farmed accounts) This snap shot will be a safety bank of info. If admin are not even doing this, or do not now do it immediately, they are being negligent, or simply don't care, imo. It would be nice if a link was added by admin to view some spreadsheets of at least "some thousands" of early accounts for members to view and understand. I don't want to dos the forum collecting such info without permission, not if i don't have too! Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: NLNico on March 20, 2017, 04:09:22 AM It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database. This.A lot of the 2010-2012 accounts do seem to be compromised. In 2012 the site was changed to use a much stronger hashing method for passwords. In 2015 the site was hacked and the database (with password hashes) was leaked. It would make sense that the hashes from early accounts are easily brute-force-able. At this point I would assume that the 2013+ accounts are unrelated though and probably hacked due to re-using passwords on other sites. Overall, I do assume most of those old accounts are newbie accounts (most even by spambots) where the owner didn't login after 2012 (as that would update the password hash.) Basically the potential damage is very limited. He might be able to sell those accounts though. I don't think admins can do too much against it. But if there is a very clear pattern (like all accounts logins from same IP), obvious accounts could just be frozen IMO. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on March 20, 2017, 11:57:52 AM Three examples which I've found today (looks like I will have to flush out the trash from Bitmixer earlier this week):
https://bitcointalk.org/index.php?action=profile;u=149006;sa=showPosts;start=40 duuuuude https://bitcointalk.org/index.php?action=profile;u=84987;sa=showPosts;start=40 Gufeng https://bitcointalk.org/index.php?action=profile;u=217246;sa=showPosts;start=40 ajeef It is absolutely disgusting that nothing is seriously being done against this. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 20, 2017, 07:09:33 PM It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database. This.A lot of the 2010-2012 accounts do seem to be compromised. In 2012 the site was changed to use a much stronger hashing method for passwords. In 2015 the site was hacked and the database (with password hashes) was leaked. It would make sense that the hashes from early accounts are easily brute-force-able. At this point I would assume that the 2013+ accounts are unrelated though and probably hacked due to re-using passwords on other sites. I estimate around 30%, or 30,000 early accounts, under u=100,000, are hacked. You know the forum was hacked in 2015, yet assume 2013+ accounts are not related? I don't understand this. Anyway, whoever is responsible for hacking multiple thousands of accounts is not as important as weather admin are taking any action against the hacker/s. Quote Overall, I do assume most of those old accounts are newbie accounts (most even by spambots) where the owner didn't login after 2012 (as that would update the password hash.) Basically the potential damage is very limited. He might be able to sell those accounts though. I don't think admins can do too much against it. But if there is a very clear pattern (like all accounts logins from same IP), obvious accounts could just be frozen IMO. Most accounts on the forum are newbie. Most accounts have never been used. So by law of averages, the hacker will hack a fairly equal % of those. Many accounts after 2012 are also hacked. Lauda's list below are 2013 and 2014 accounts. Lauda's previous list was longer and more diverse. I have already provided an example of brand new hacked accounts (old accounts, but never posted) being used to farm reputation/trust, and previously used accounts trying to get into paid campaign's. How can 100,000 accounts be hacked, Mods can't do anything, admin don't respond, and you say "potential damage is very limited - he could sell those accounts"? There is a clear pattern, which could be automated not freezing 1 account at a time. No hacker will just use the same ip. I have explained what can be done. If admin (or yourself) don't understand, they could ask for more details. ------------ Three examples which I've found today (looks like I will have to flush out the trash from Bitmixer earlier this week): All 3 accounts "reactivate" March 18, 2017. All with previous post history ending a year or 2 years ago - "dormant"https://bitcointalk.org/index.php?action=profile;u=149006;sa=showPosts;start=40 duuuuude https://bitcointalk.org/index.php?action=profile;u=84987;sa=showPosts;start=40 Gufeng https://bitcointalk.org/index.php?action=profile;u=217246;sa=showPosts;start=40 ajeef All 3 accounts post in time rota, making 94 shitposts between them, minutes apart, spread over 4 post session's on march 18, Quote It is absolutely disgusting that nothing is seriously being done against this. I've tried to give admin time to respond here, even that is too much bother for them? All that needs doing NOW is as i explained to hilarious, "Without going into every detail, i can assure you that simply saving snapshots of user base activity would create evidence that could be refered to any time in the future." That would take minutes of work for admin, and would preserve all the needed evidence for any future action. To fail to do this is to allow the hacker to slowly cover his tracks, to allow all easy to use evidence to disappear. For admin not to do that simple task would be negligent, even complicit? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: NLNico on March 21, 2017, 04:56:51 AM I estimate around 30%, or 30,000 early accounts, under u=100,000, are hacked. By stealing the DB, you cannot actually get the passwords, just the password hashes. In 2012 the method of password hashing was changed. So anyone who logged in after that (or registered after that), would have their password hashed in a very secure way. I am too lazy to do the math, but basically the password hashes before that are very easy to crack and after that would take an insane amount of computer calculation.You know the forum was hacked in 2015, yet assume 2013+ accounts are not related? I don't understand this. Most accounts on the forum are newbie. Most accounts have never been used. My point is that the real accounts who were active, still logged in after 2012 automatically causing the password hash to be changed to the much more secure method. That is why I believe most hacked account will be accounts with 0-low posts (former spam bots and other newbies), that never logged in after 2010 - (begin)2012 again. Therefor the damage is relatively limited, but could be used for selling / signature campaigns / maybe somewhat fake reputation / etc, so I do agree it is worth investigating for theymos. Note that the forum already keeps logs and theymos added extra logging methods too, like when the user changes a password: https://bitcointalk.org/seclog.php so IMO he can still do plenty of analyzing.Many accounts after 2012 are also hacked. Lauda's list below are 2013 and 2014 accounts. Lauda's previous list was longer and more diverse. Hacked accounts have always been happening here for many years. Mostly because people re-use passwords on all sites. This means that if a hacker hacks any bitcoin sites (even faucet sites with ton of users), he could use those passwords on this forum. Bitcointalk also always have been the target of phishing attacks, so another way to get hacked.As of now, I don't have very clear proof that 1) hacked newbies accounts from 2010-2012 and 2) hacked accounts after that - are related. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on March 21, 2017, 06:26:49 AM Three examples which I've found today (looks like I will have to flush out the trash from Bitmixer earlier this week): All 3 accounts "reactivate" March 18, 2017. All with previous post history ending a year or 2 years ago - "dormant"https://bitcointalk.org/index.php?action=profile;u=149006;sa=showPosts;start=40 duuuuude https://bitcointalk.org/index.php?action=profile;u=84987;sa=showPosts;start=40 Gufeng https://bitcointalk.org/index.php?action=profile;u=217246;sa=showPosts;start=40 ajeef All 3 accounts post in time rota, making 94 shitposts between them, minutes apart, spread over 4 post session's on march 18, ] I've tried to give admin time to respond here, even that is too much bother for them? Looks like nobody really gives a damn about this forum nor the infestation of parasites. :-\Many accounts after 2012 are also hacked. Lauda's list below are 2013 and 2014 accounts. Lauda's previous list was longer and more diverse. Hacked accounts have always been happening here for many years. Mostly because people re-use passwords on all sites. This means that if a hacker hacks any bitcoin sites (even faucet sites with ton of users), he could use those passwords on this forum. Bitcointalk also always have been the target of phishing attacks, so another way to get hacked.Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 21, 2017, 03:18:02 PM snip Thanks for clarifying Nico. I don't have any real problem with your assessment. You have helped answer possibilities of who and why. I shall bear it in mind. I do see some evidence that accounts under u=100,000 are more affected than accounts over u=100,000. That does not mitigate admin from taking simple action's to counter this. (if they think mass hacked accounts is a bad thing) Let me try to show here how clear this is to detect, and therefore how easy to counter it could be. Let's just look at (some of) 1 day - Feb 19 2017. Lets look at the activity of the first 20 accounts from various round numbers as a sample, so u=1000 - u=1020 https://bitcointalk.org/index.php?action=profile;u=1003 cookie 0 post March 07, 2017, 05:54:51 AM (was feb 19, 12.03pm) God damn, that was feb 19 last i looked, now mar 7 (1002, 1004, 1005, 6, 7, 8, 9, 11, 12, 13, 14, 15, 18, and 1020 "do not exist", so not much to hack there) u=2000 - u=2020 https://bitcointalk.org/index.php?action=profile;u=2003 McKyle025 0 post March 07, 2017, 04:07:31 AM (was feb 19, 12.03pm) https://bitcointalk.org/index.php?action=profile;u=2004 marktaylor142 0 post March 07, 2017, 09:16:18 AM (was feb 19, 12.05pm) https://bitcointalk.org/index.php?action=profile;u=2005 kavindave26 0 post March 07, 2017, 08:01:11 AM (was feb 19, 12.58pm) https://bitcointalk.org/index.php?action=profile;u=2008 celina111 0 post March 07, 2017, 06:55:41 AM (was feb 19, 12.18pm) https://bitcointalk.org/index.php?action=profile;u=2011 reverselockup23 0 post March 07, 2017, 10:31:53 AM (was feb 19, 12.45pm) https://bitcointalk.org/index.php?action=profile;u=2012 nadav001 0 post March 07, 2017, 07:48:42 AM (was feb 19, 12.07pm) https://bitcointalk.org/index.php?action=profile;u=2017 aranaahmed1 0 post March 07, 2017, 08:21:32 AM (was feb 19, 12.05pm) Ok, these were all feb 19 as well, now all mar 7 also. This is exactly why admin need to save "snapshots" of activity of all accounts as i described. (2001, 2002, 6, 13, and 2014 "do not exist") u=3000 - u-3020 https://bitcointalk.org/index.php?action=profile;u=3000 Rai 12 post February 19, 2017, 12:19:35 PM (last post 2011) https://bitcointalk.org/index.php?action=profile;u=3003 v-tim 3 post February 19, 2017, 12:33:30 PM (last post 2011) https://bitcointalk.org/index.php?action=profile;u=3011 tyler123 0 post February 19, 2017, 12:19:50 PM https://bitcointalk.org/index.php?action=profile;u=3019 ngatyeu87 0 post March 01, 2017, 02:43:47 AM (was feb 19, 12.30pm) So most of these are still feb 19. 1 changed, again showing how the evidence is slowly dispersed. (3002, 5, 6, 7, 8, 9, 10, 14, 15, and 2016 "do not exist") u=4000 - u=4020 https://bitcointalk.org/index.php?action=profile;u=4011 brynfrlin 0 post February 19, 2017, 12:28:49 PM https://bitcointalk.org/index.php?action=profile;u=4014 aq8586 0 post February 19, 2017, 12:53:54 PM https://bitcointalk.org/index.php?action=profile;u=4017 menoskedos 0 post February 19, 2017, 12:47:28 PM https://bitcointalk.org/index.php?action=profile;u=4018 qaz22 0 post March 01, 2017, 08:05:16 AM (was feb 19, 12.46pm) Most still show feb 19. 1 change to march 1 same as above list. (4001, 4, 5, 7, 8, 10, 16, 19, 4020 "do not exist") Lets skip 5000 accounts to this list i quoted on previous page, u=9000 - u=9020 https://bitcointalk.org/index.php?action=profile;u=9003 Micro333 0 post February 19, 2017, 01:18:36 PM https://bitcointalk.org/index.php?action=profile;u=9005 Qrr 2 post February 19, 2017, 01:28:59 PM https://bitcointalk.org/index.php?action=profile;u=9009 Trance555 0 post February 19, 2017, 01:28:07 PM https://bitcointalk.org/index.php?action=profile;u=9011 twadsworth 0 post February 19, 2017, 01:16:27 PM https://bitcointalk.org/index.php?action=profile;u=9012 FictionWobbles333 0 post February 19, 2017, 01:27:05 PM https://bitcointalk.org/index.php?action=profile;u=9013 MoodFool333 0 post February 19, 2017, 01:28:08 PM https://bitcointalk.org/index.php?action=profile;u=9014 marish 0 post February 19, 2017, 01:38:06 PM https://bitcointalk.org/index.php?action=profile;u=9015 BlackRunner111 0 post February 19, 2017, 01:15:55 PM https://bitcointalk.org/index.php?action=profile;u=9016 jhallsworth 0 post February 19, 2017, 01:28:12 PM https://bitcointalk.org/index.php?action=profile;u=9020 carter 0 post February 19, 2017, 01:20:13 PM I think these are still correct. And on to u=11000 - u=11020 https://bitcointalk.org/index.php?action=profile;u=11003 breakbank4 0 post March 01, 2017, 06:27:51 AM (was feb 19, 2.08pm) https://bitcointalk.org/index.php?action=profile;u=11007 yashrajskio 0 post February 28, 2017, 10:27:43 PM (was feb 19, 2.08pm) https://bitcointalk.org/index.php?action=profile;u=11008 ronanlepp 0 post February 19, 2017, 02:07:35 PM https://bitcointalk.org/index.php?action=profile;u=11010 jacktralia 0 post February 19, 2017, 01:53:45 PM https://bitcointalk.org/index.php?action=profile;u=11014 ameldajones 0 post February 19, 2017, 02:07:52 PM https://bitcointalk.org/index.php?action=profile;u=11019 slotcar101 0 post February 19, 2017, 01:59:50 PM Couple changed. 1 mar 1st again. Dispersing the evidence. But as i had it recorded, it can never be lost - as theymos can easily do. See how the time frame goes from around 12pm - around 2pm over 11000 accounts, short work! theymos could confirm my "was feb 19" time and date is accurate, if he saved the correct info, and if he could be bothered. So regardless of weather it is 100,000 accounts or "just" 10's of thousands, i hope it is clear how easy it is to spot. This carries on on different dates, 27 January 2017 for example, u=25,000 - u= 25020 https://bitcointalk.org/index.php?action=profile;u=25005 inertiatic 0 post January 27, 2017, 05:50:53 AM https://bitcointalk.org/index.php?action=profile;u=25007 Jepp 0 post January 27, 2017, 06:10:37 AM https://bitcointalk.org/index.php?action=profile;u=25008 bottommaster 0 post January 27, 2017, 06:11:44 AM https://bitcointalk.org/index.php?action=profile;u=25014 basseffekt 0 post January 27, 2017, 05:51:37 AM https://bitcointalk.org/index.php?action=profile;u=25017 badinstincts 0 post January 27, 2017, 05:52:50 AM https://bitcointalk.org/index.php?action=profile;u=25018 pero991 6 post January 27, 2017, 05:59:17 AM (last post 2011) https://bitcointalk.org/index.php?action=profile;u=25019 dragoon1001 0 post January 27, 2017, 05:42:25 AM https://bitcointalk.org/index.php?action=profile;u=25020 MrMaple 1 post January 27, 2017, 05:58:58 AM (last post 2011) And the list goes on and on. The time rota being totally obvious. So after looking at 140 accounts, minus around 40accounts "do not exist", so 100 possible accounts to hack, 42 are hacked here. That equates to around 40% of all early accounts being hacked. (early accounts in this sample) All clear as day. No reason for mods to spout "there is nothing we can do". (i presume admin are saying the same to themselves) theymos must save the data as previously instructed by me (take him a few minutes) or forever be complicit in this. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on March 21, 2017, 04:39:27 PM Looks like nobody really gives a damn about this forum nor the infestation of parasites. :-\ I think the problem isn't that no one cares, it's that the people that do care aren't listened to/taken seriously/not important enough to listen to. When is this new forum coming out? I guess it doesn't really matter what the date is at this point because it's been a WIP for so long that the date will most likely be pushed again. Q2 2019 is my guess. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 21, 2017, 05:19:33 PM Looks like nobody really gives a damn about this forum nor the infestation of parasites. :-\ I think the problem isn't that no one cares, it's that the people that do care aren't listened to/taken seriously/not important enough to listen to. So,the people that do care aren't listened to/taken seriously/not important enough to be listen to, (members) by those who are in position to act seriously, but don't care, and wont listen to or communicate with people less important than themselves. (admin) That is how i read Lauda's post too, between the lines. "nobody (who can do anything about it) really gives a damn about this forum" (at some point my view will turn from admin not giving a damn to instigating or being complicit in this) Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on March 23, 2017, 10:49:36 PM That is how i read Lauda's post too, between the lines. "nobody (who can do anything about it) really gives a damn about this forum" You've correctly interpreted my post! Just take a look at the post difference between 2015 and 2017: https://bitcointalk.org/index.php?action=profile;u=159728;sa=showPosts;start=20 Jaccee Sold, hacked, farmed? Seems to be a daily thing in my campaign nowadays. ::) In this case the post quality isn't bad. However, the forum is at the point where I've even stopped reporting the worst offenders knowing that they wouldn't get punished or would just get an absurdly short *warning ban* (i.e. I'd waste my time). After this they usually continue their routine. The best I can do is keep this trash out of Bitmixer && other SMAS campaigns. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on March 28, 2017, 02:53:45 PM It looks like we may have a step in the right direction here:
https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: freedomno1 on March 28, 2017, 11:38:57 PM Are admin doing anything about this problem? It depends on if the password was changed or not if someone has access to the stake address from this thread they probably could recover without a ransom if you send a signed signature. Assuming they were around to post in 2015 onwards. https://bitcointalk.org/index.php?topic=996318.0 At some point though I presume the new forum will activate cough cough and the issue will resolve been away long enough some progress must have been made in the last year ^^. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: ABitNut on March 29, 2017, 03:26:06 AM It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database. This.A lot of the 2010-2012 accounts do seem to be compromised. In 2012 the site was changed to use a much stronger hashing method for passwords. In 2015 the site was hacked and the database (with password hashes) was leaked. It would make sense that the hashes from early accounts are easily brute-force-able. At this point I would assume that the 2013+ accounts are unrelated though and probably hacked due to re-using passwords on other sites. Overall, I do assume most of those old accounts are newbie accounts (most even by spambots) where the owner didn't login after 2012 (as that would update the password hash.) Basically the potential damage is very limited. He might be able to sell those accounts though. I don't think admins can do too much against it. But if there is a very clear pattern (like all accounts logins from same IP), obvious accounts could just be frozen IMO. Achow was spot on. The database stolen in 2015 has been made available for sale and that means the data is now spreading more. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on March 29, 2017, 04:23:46 PM In ONE day there were 237 accounts that "woke up". The whole hundreds of thousands of hacked accounts has become far too real at this point. Assuming this has been happening for 1 year that would be 86,505 accounts hacked (minus the 5 legitimate 'wake ups'). It looks like the vast majority of them wake up then have their password reset or they have their password recent via email then wake up. A lot of these are newbies or brand new members.
See the seclog on March 28th: Code: March 28, 2017, 11:54:07 PM - jimmydvd - woke up Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Nemo1024 on March 29, 2017, 09:56:34 PM Just got this alert from my http://haveibeenpwnd.com/ subscription!
You've been pwned! You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach: Email found: -------------- Breach: Bitcoin Talk Date of breach: 22 May 2015 Number of accounts: 501,407 Compromised data: Dates of birth, Email addresses, Genders, IP addresses, Passwords, Security questions and answers, Usernames, Website activity Description: In May 2015, the Bitcoin forum Bitcoin Talk was hacked and over 500k unique email addresses were exposed. The attack led to the exposure of a raft of personal data including usernames, email and IP addresses, genders, birth dates, security questions and MD5 hashes of their answers plus hashes of the passwords themselves. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: dacueba on March 30, 2017, 12:52:47 PM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) How long will the message appear in the trust page? And I assume the wake up will appear in the security log, right? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on March 30, 2017, 04:36:30 PM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) How long will the message appear in the trust page? And I assume the wake up will appear in the security log, right? I'm assuming 30 days like the changed email/password alerts but I can't find too much information on it. Yes it's in the seclog (https://bitcointalk.org/seclog.php). Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 30, 2017, 08:05:45 PM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on March 30, 2017, 10:06:38 PM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance. It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches it's 1 million member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now... Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on March 31, 2017, 07:16:54 PM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance. It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches it's 1 million member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now... In my post on last page i exampled accounts logging-in in rota on Feb 19. I assume this was their "wake up" If you take my random samples as an average, around 3000 accounts "woke up" on that day, all between u=0 and u=10,000. i have previously posted instructions on how admin can preserve all necessary evidence for all time, or prove themselves negligent. so admin should know the real figures and dates. What other internet site would not even respond to "concerned" members on such a relevant topic. What to do now? Like you said, not much we can do unaided. Am i supposed to just STFU, again? Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins? Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on March 31, 2017, 07:59:35 PM In my post on last page i exampled accounts logging-in in rota on Feb 19. I assume this was their "wake up" I would argue that the "wake up" is actually useless and a 'fake' gesture. It doesn't do anything besides confirming what we already knew; it doesn't help the admins either as it is trivial for them to detect this.What to do now? Like you said, not much we can do unaided. What did they tell you the last time, 'find a new hobby' or something?Am i supposed to just STFU, again? Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins? You're asking the real questions.Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: not.you on April 01, 2017, 12:46:10 AM So when was this data breach? I think I changed my password like a year ago or so, do I need to change it again?
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on April 01, 2017, 01:03:51 AM It looks like we may have a step in the right direction here: https://bitcointalk.org/index.php?topic=1842839.0 (https://bitcointalk.org/index.php?topic=1842839.0) Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort. Check out his trust profile (https://bitcointalk.org/index.php?action=trust;u=357263). Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane! https://bitcointalk.org/seclog.php (https://bitcointalk.org/seclog.php) So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance. It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches it's 1 million member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now... *Adjusts tinfoil hat* I am seemly rational aren't I? I don't know. I just don't understand it. I'm looking into that post you mentioned now to understand the context of your post. So when was this data breach? I think I changed my password like a year ago or so, do I need to change it again? 2015 so you should be fine. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: kenesu on April 01, 2017, 09:40:12 AM Have you noticed the growing number of hacked accounts reported? The hacker is asking fubly for bitcoin to return his account, saying he bought the account for twice the price he is asking from fubly, here https://bitcointalk.org/index.php?topic=1702720.0 Where else have i seen that happen recently, oh yes, GreenBits account here, https://bitcointalk.org/index.php?topic=1785972.40 Or ashapasa's account, turned into a slave account alongside nine other hacked accounts i identified here. (all wearing same sig, getting paid?) https://bitcointalk.org/index.php?topic=1821083.msg18157257#msg18157257 One of those accounts is getting fake credibility here, https://bitcointalk.org/index.php?topic=1823355.msg18174976#msg18174976 I even had a hacked account, JohnybBigs, troll me, giving trust to Lauda and Timelord2067 to endear itself to those members, hell, even the OP of that thread is probably hacked here https://bitcointalk.org/index.php?topic=1733765 Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610 This hack has been anticipated for a while now, do admin have a planned response? Are admin doing anything about this problem? this is really serious problem and need to be attended. I guess they must add additional security here. example 4 combination of numbers to avoid hacking of account :-X Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on April 01, 2017, 02:30:56 PM OMG :o this is really serious problem and need to be attended. I guess they must add additional security here. example 4 combination of numbers to avoid hacking of account :-X I'm assuming you're talking about 2FA. The problem is that older accounts are getting hacked so 2FA still wouldn't be set up on them. It seems like a lot of emails must be hacked with the accounts too if you look at the seclog so essentially it'd be useless for this particular problem. It would be good for us though. I heard the new forum should have it. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: alexius89-2 on April 03, 2017, 03:51:43 AM Mine got hacked as well, any idea what to do? I do not receive any email to create a new password...
actual account: https://bitcointalk.org/index.php?action=profile;u=96934 Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Lauda on April 14, 2017, 09:58:56 AM This is really annoying:
https://bitcointalk.org/index.php?action=profile;u=92798;sa=showPosts;start=40 https://bitcointalk.org/index.php?action=profile;u=162087;sa=showPosts;start=40 https://bitcointalk.org/index.php?action=profile;u=161195;sa=showPosts;start=40 https://bitcointalk.org/index.php?action=profile;u=90490;sa=showPosts;start=40 https://bitcointalk.org/index.php?action=profile;u=136967;sa=showPosts;start=0 It is very clear that the same person/group of people are behind these hacked accounts. It is also a possibility that they are using a bot to spam these one liners. However, Bitcointalk staff doesn't do anything. Maybe they will receive a 7 day ban. ::) Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: Chris! on April 15, 2017, 07:51:46 PM It is very clear that the same person/group of people are behind these hacked accounts. It is also a possibility that they are using a bot to spam these one liners. However, Bitcointalk staff doesn't do anything. Maybe they will receive a 7 day ban. ::) There are so many obvious things that should be done. Hacked accounts get banned until the original owner can prove it's theirs. All accounts that didn't change their passwords after 2015 get locked until confirmed (via a script obviously. Log in with the same IP = unlocked). Why do the mods keep these massive spam threads open still? If there are 1000 answers over a month the OP obviously doesn't care if you think gambling is good or bad anymore or if you think satoshi will ever be found. I find that I see less spammers because I just don't look at those threads. They all flock to them because it's so easy to blend in and spam. I'm sure there are better ideas too but that's what I've come up with off the top of my head. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: cybermods1 on April 16, 2017, 07:26:18 PM my account was hacked just the other day with no password or email change notifications.
my original was cybermods Iv contacted admins with zero response. I had no idea there was a breach in 2015. Im more of a casual lurker and posting maybe 1 or 2 times a month. With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: rizzlarolla on April 18, 2017, 08:16:33 PM my account was hacked just the other day with no password or email change notifications. my original was cybermods Iv contacted admins with zero response. I had no idea there was a breach in 2015. Im more of a casual lurker and posting maybe 1 or 2 times a month. With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done. I see your account still posting today, scam selling thread. Couldn't call him out, thread is kept locked. Your account is part of an admin lead hack, imo. What other possible reason would they allow 100,000 hacked accounts - easily detectable as i previously explained - free to scam/shill/sig (1000 of their farmed accounts were previously left in ruins https://bitcointalk.org/index.php?topic=1670807.0 ) Why else would "admin" allow 100,000 accounts to activate and not even respond to members on this issue! (or the mass farmed account issue) Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: shirazteam110 on July 19, 2017, 12:18:23 PM My account also hack just few hour before !
https://bitcointalk.org/index.php?action=profile;u=878718 Lets see if Admin can help to recover it Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: nanfeiyan on July 22, 2017, 01:54:18 PM my main account wenwen has been hacked 07.20.2017,I can't find my old BTC wallet,now I have to wait for reply from administrator.
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: xtraelv on August 17, 2018, 09:38:33 PM I believe that this is the main cause of the hacked accounts (phished)
https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059 Warning - unsafe links mentioned --> thebitcointalk.net and bitcointalk.to are scam phishing sites <-- Warning - unsafe links mentioned Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousetc on August 18, 2018, 11:48:22 AM I believe that this is the main cause of the hacked accounts (phished) https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059 Warning - unsafe links mentioned --> thebitcointalk.net and bitcointalk.to are scam phishing sites <-- Warning - unsafe links mentioned The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: mapuche33 on August 18, 2018, 02:15:32 PM My account AvenG (https://bitcointalk.org/index.php?action=profile;u=67153/) has also been hacked recently, I already started a thread following all the requirements here (https://bitcointalk.org/index.php?topic=4832256.0). Still waiting reply from Admins.
I believe that this is the main cause of the hacked accounts (phished) https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059 Warning - unsafe links mentioned --> the[Suspicious link removed] are scam phishing sites <-- Warning - unsafe links mentioned The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing. If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??. it is not a matter if we the users have a "weak password" it is a matter of how the admins store our passwords because they shouldn't store the passwords themselves, they could hire Google, Amazon or any other service to handle user authentication. If they dislike trusting 3rd parties then they should follow some tutorial about hashing + salting , this way the hacker couldn't brute force the database. Using a strong hashing algorithm combined with another complicated salting algorithm should be incredible difficult to hack, not to mention if they enable 2FA to all of us. This way even those phishing sites wouldn't catch us. Here some video about the subject: YouTube (https://youtu.be/8ZtInClXe1Q) hope someone shares it to them. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: edwardceng on August 18, 2018, 02:46:06 PM Quote If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??. I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication.Quote it is not a matter if we the users have a "weak password" it's a problem, members must have a strong password at least this makes hackers have difficulty in carrying out the action.Quote they could hire Google, Amazon or any other service to handle user authentication. I think Theymos will not use their services because there is sensitive data that must be shared.Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: mapuche33 on August 18, 2018, 03:58:54 PM I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication. What makes you so sure? +3 years from 2015 db leak, none solutions to this major problem yet except saying that they made announcements.. advising users to take precautions. Their role is not telling us what to do rather deliver the solution themselves. Sure they lack of communication because they suck, they should lead a team to perform the tasks they dislike or don''t have time for. it's a problem, members must have a strong password at least this makes hackers have difficulty in carrying out the action. Alright then tell them to create some basic script to check how strong the chosen password is!. I encourage you to register a new account picking a dumb password like '123456password' you'll see the system doesn't acknowledge it as a vulnerability.. it is a joke! I invite you to try it yourself. The hackers can recognize the same hashes of those users that picked the same password, try searching on google those hashes yourself you will realize how silly this is. Try this: https://hashkiller.co.uk/ (https://hashkiller.co.uk/) I think Theymos will not use their services because there is sensitive data that must be shared. ok, then they should become proficient at handling the user database themselves making it secure with the described method above. Which they already demonstrated are not even concerned, for them everything seems to be "fine" or "nothing can be done". They don't care about our requests nor suggestions neither, just take a look on the Meta board to realize how many proposals get ignored and even criticized by ignorant plebs. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: hilariousetc on August 18, 2018, 04:37:48 PM If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??. it is not a matter if we the users have a "weak password" it is a matter of how the admins store our passwords because they shouldn't store the passwords themselves, they could hire Google, Amazon or any other service to handle user authentication. If they dislike trusting 3rd parties then they should follow some tutorial about hashing + salting , this way the hacker couldn't brute force the database. Using a strong hashing algorithm combined with another complicated salting algorithm should be incredible difficult to hack, not to mention if they enable 2FA to all of us. This way even those phishing sites wouldn't catch us. Here some video about the subject: YouTube (https://youtu.be/8ZtInClXe1Q) hope someone shares it to them. They fixed it. They can't do anything about those that didn't change their passwords, but there are auto-lock features for accounts that have remained long-dormant and suddenly reactivate. And trusting a third party is how the passwords were lost. The hacker gained access via the hosting service by social engineering. The passwords were also hashed and salted, but those with weak passwords were bruteforced and broken over time. There's more about the hack at the following link with what happened: https://bitcointalk.org/index.php?topic=1067985.msg11445725#msg11445725 Also, several 2-fa options will be available on the new forum software. There has been a sort of 2f option implemented here though in that now you can lock your account via an email once the details have been changed. It's not ideal but it's better than nothing. Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: TalkStar on August 18, 2018, 04:54:45 PM Hacking accounts has already been an rising issue worldwide. Not only bitcointalk accounts hacked but also many crypto currency exchanges hacked and hackers steal big amount of BTC & ETH. Most of the time hackers use phising site link to make entry to the account. Nowadays DDOS attack also been popular. Its another way to disable website security. Many sites integrated many security options to get rid of hacking such as 2fa with sending codes to users email and some are using mobile phone verification method too. But honestly if an user care little about phising site before login to their account and make a regular routine to change password.
Title: Re: Hundreds of thousand of bitcointalk accounts hacked Post by: edwardceng on August 18, 2018, 04:55:42 PM Quote Alright then tell them to create some basic script to check how strong the chosen password is! If this's a suggestion, then a good to apply in a forum by adding information about the password used when registering. Maybe trusted members (hilariousetc) like you can discuss (PM) with theymos about this. |