Bitcoin Forum

Economy => Service Discussion => Topic started by: Melbustus on April 24, 2013, 10:03:25 PM



Title: Blockchain.info "Authorize log-in attempt"
Post by: Melbustus on April 24, 2013, 10:03:25 PM
I just received a number of emails saying that there was an attempt to log in to my blockchain.info account (from IPs very far away from me). The email noted that someone may know my wallet identifier. No money has been moved, so I assume my PW is safe, but what are the possible ways someone other than myself can know my wallet identifier given that I've never posted it anywhere?


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: casperorchids on April 24, 2013, 10:11:00 PM
The identifier can also be your account name, so maybe you used a name like I do (casperorchids). It happened to me, but they couldn't get past the password.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: gILisH on April 24, 2013, 10:16:30 PM
I just got the same notifications


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: shibaji on April 24, 2013, 10:18:29 PM
It is fine and usual if you use the same username. It also tests your 2FA and gives you confidence ;D - now maybe I can go and type a few random forum user names and creep them out ;) j/k


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: Melbustus on April 24, 2013, 10:29:22 PM
> It is fine and usual if you use the same username. It also tests your 2FA and gives you confidence ;D - now maybe I can go and type a few random forum user names and creep them out ;) j/k

Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependence. Is that correct?


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: matthewh3 on April 24, 2013, 10:31:22 PM
> > It is fine and usual if you use the same username. It also tests your 2FA and gives you confidence ;D - now maybe I can go and type a few random forum user names and creep them out ;) j/k

> Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependence. Is that correct?

The wallet can be recreated from the backups they send you without 2FA. The 2FA is only on their website and not on the private keys they send you for backups.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: Melbustus on April 24, 2013, 10:32:55 PM
> > > It is fine and usual if you use the same username. It also tests your 2FA and gives you confidence ;D - now maybe I can go and type a few random forum user names and creep them out ;) j/k

> > Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependence. Is that correct?

> The wallet can be recreated from the backups they send you without 2FA. The 2FA is only on their website and not on the private keys they send you for backups.


Gotchya, thanks.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: greyhawk on April 24, 2013, 10:33:21 PM
> > It is fine and usual if you use the same username. It also tests your 2FA and gives you confidence ;D - now maybe I can go and type a few random forum user names and creep them out ;) j/k

> Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependence. Is that correct?

You really should enable 2FA. People have been reporting blockchain-accounts without 2FA being compromised for weeks. 3 weeks ago someone was trying to get into mine all day every day for about a week.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: shibaji on April 24, 2013, 11:17:41 PM
... aaaaaaaand with that note, blockchain address lookup is down.  ;D


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: yokosan on April 27, 2013, 07:49:51 AM
Have been getting a LOT of these recently.

Starting to think a database leak may have occurred and is doing the rounds somewhere.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: shibaji on April 27, 2013, 07:52:50 AM
There have been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the latter. Turn off your java in browser pronto.

I have requested security feature increase in piuk's thread. Let's see what happens.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: shawshankinmate37927 on April 27, 2013, 10:23:30 AM
> There have been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the latter. Turn off your java in browser pronto.
>
> I have requested security feature increase in piuk's thread. Let's see what happens.

Doesn't have to be one or the other, it could be more than just one vulnerability that's been getting exploited. At this point, there doesn't seem to be a single common factor shared by all the victims.


Title: Re: Blockchain.info "Authorize log-in attempt"
Post by: shibaji on April 27, 2013, 08:56:33 PM
> > There have been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the latter. Turn off your java in browser pronto.
> >
> > I have requested security feature increase in piuk's thread. Let's see what happens.

> Doesn't have to be one or the other, it could be more than just one vulnerability that's been getting exploited. At this point, there doesn't seem to be a single common factor shared by all the victims.

Yes there is. Read piuk's last note. The common factor was java enabled browser.