Bitcoin Forum

Other => Meta => Topic started by: The_Tribesman on January 31, 2018, 02:22:57 AM



Title: Why is it so easy to hack BitcoinTalk accounts??
Post by: The_Tribesman on January 31, 2018, 02:22:57 AM
Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??


Title: Re: Why is it so easy to hack BitcoinTalk accounts??
Post by: EcuaMobi on January 31, 2018, 02:57:31 AM
Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??
I think the reasons are:
  • The breach you mention, combined with users not changing their password after that happened
  • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
  • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all


Title: Re: Why is it so easy to hack BitcoinTalk accounts??
Post by: Thirio on January 31, 2018, 03:53:19 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I got the same question since everyone's posting about their account was allegedly hacked. But most probably(just my opinion) those accounts were:

    1.
    The breach you mention, combined with users not changing their password after that happened

    2. Victims of phishing links (e.g. https://bitcointalk.org/index.php?topic=2846517.0)
    3. Victims of phishing sites (e.g. sites that are identical to the forum https://bitcointalk.org/index.php?topic=2841740.0)
    4. Their negligence, giving their pw to their accounts or maybe even a hint to it. Although this may seem dumb, but it's the realiylty.[/list]


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The Pharmacist on January 31, 2018, 04:11:12 AM
    I agree with what EcuaMobi put forth there, and I've always considered that people here are greedy enough--and plain stupid enough--to fall for phishing links and malicious downloads.  We've all seen people figuratively killing each other for a task that pays 5000 satoshis or something ridiculous.  Idiots are willing to do just about anything for bitcoin, so it doesn't surprise me in the least that a lot of people are getting their password pockets picked.  

    But yeah, lately it's been crazy in meta with all the threads about getting hacked.  You'd think people would learn, but no.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: desklamp on January 31, 2018, 04:32:29 AM
    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: AfterTheFork on January 31, 2018, 04:34:07 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    The breach is all  the  problem, add to it phising links sent by newbie accounts to old members, accounts hashes can still be purchased on the dark web, based on what I've find on google.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: TryNinja on January 31, 2018, 05:13:53 AM
    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.
    Did you forget to include the source for those aswell? ::)

    A “wallet” is basically the Bitcoin equivalent of a bank account. It allows you to receive bitcoins, store them, and then send them to others. There are two main types of wallets. A hot wallet is one that you install on your own computer or mobile device. You are in complete control over the security of your coins, but since they are on a device that is connected to the internet they are less secure. The second type of wallet is a hardware wallet. They maintain high levels of security to protect your coins by storing your coins offline. Offline storage keeps your coins and ata out of reach from hackers.
    Original: https://www.buybitcoinworldwide.com/wallets/set-up/

    It seems that nearly every day there’s another report of a major hacking. And as the number of hacks increase, consumer desires for security increase as well. Blockchain is the model of internet security, that doesn’t produce a fully secure system for users. There are a number of important safety and security practices that can help to protect your private keys and therefore protect your funds.
    first it is wise to find a wallet with security measures beyond the normal wallet providers. Some wallets are now using encryption to protect the private keys. Users should always have at least two digital wallets. One wallet should be used for trading and transactional purposes, and the other wallet should be used to store savings and be kept in a secure location. This type of wallet must be a cold storage wallet. In anyway, a backup of the private keys have to be stored safely offline. This two safety tips can help you to avoid hacking your wallet.
    Original: https://cryptopotato.com/9-must-tips-securing-crypto-wallet/

    Some people don`t have enough knowledge when talking about bitcoin, they see bitcoin as an online game because they know that the value of bitcoin may goes down or goes up.Those sudden ups and downs would be bad news for them. Although bitcoin had a more than 100% return on investment in 2016, it’s also five times more volatile than the S&P 500, So for them bitcoin is an “an extremely risky investment.” they are fear that they cant get a big payday that they were hoping for.
    Original: http://time.com/money/4623650/bitcoin-invest/

    I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry :P. Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The_Tribesman on January 31, 2018, 08:57:42 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I think the reasons are:
    • The breach you mention, combined with users not changing their password after that happened
    • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
    • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all
    Interesting. I changed my password to what I thought was a strong password generated using https://passwordsgenerator.net/ which 'should' be good enough.

    I guess I should have changed it more often, but has there been another breach that we don't know of, OR could it be that the site is constantly being breached so no account is really safe?

    Roll on 2FA!


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: xxxgoodgirls on January 31, 2018, 11:24:52 AM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: pablito1989 on January 31, 2018, 11:29:18 AM
    2FA it's really necessary nowadays... I hope they will implement it soon..


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The_Tribesman on January 31, 2018, 12:38:09 PM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    I'll check it out. Thanks for the advice


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: LTU_btc on January 31, 2018, 12:54:34 PM
    There are several main reasons why there are so many hacked accounts. First of all, many users are using same short, easy to remember passwords on every website. It's convenient to use, but such passwords are very weak. Passwords should be more complex. It has to be longer, with random numbers and special symbols like @,#,$,฿ and similar.
    People aren't careful. They clicking phishing links, downloading stuff from suspicious websites and they getting keylogger in this way.
    Offcourse, lack of 2FA doesn't helps to protect accounts. But as I read in past, it's very difficult to integrate Google 2FA to bitcointalk. But even if 2FA would be implemented, I'm sure that there still will be many people who will not use because they think "it won't happen to my, my password is strong enough.
    My account was also hacked in past, but luckily, admin restored it. I've used strong password on Bitcointalk but it didn't helped. The problem was that that hacker was able to login to my email account (I used really weak password and no 2FA). It was not problem on Bitcointalk side and I had to blame only myself that my account was hacked.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: Silberman on January 31, 2018, 06:13:56 PM

    I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry :P. Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

    If you want to report this user maybe you could use the thread of LoyceV about users copy pasting, I have seen some other users making their reports there, but just in case ask LoyceV if it is OK to post your reports there. This is the link.

    https://bitcointalk.org/index.php?topic=1926895


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: lukyanli on February 02, 2018, 09:53:06 AM
    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: White-Grey-Black on February 03, 2018, 11:39:07 AM
     Here in forums, the usernames are open to the public, so it will be very easy for attackers to hack someone else account easily unless users keep a unique password for every account ( some users keep same passwords for every site). if people use the same password for every site registrations then it would be easy for attackers.

    and it would be a good idea if bitcointalk forums provide a nickname option ( so that the username won't be public and it would be difficult for intruders to do any bruteforce or other social engineering techniques).

    Thanks


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: smilyfaith on February 03, 2018, 01:35:00 PM
    I use base keyword and combination of numbers and special characters.
    So, password is different for each sites but also easy to remember.

    I am uncomfortable with most autogenerated passwords as they are too complicated
    and can't remember when logging in from different device. It's a headache. So, I only use
    them for sites that I rarely need to login like cpanel and others.

    In the end you have to use autofill option in your browser for it.

    Also these days when creating registering most sites will not accept passwords unless they are very strong
    combination of special characters, numbers and mix of capitalization.

    Not a web developer but I think it's easy to implement the same password system
    on this forum.

     


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: AmazingDynamo on February 03, 2018, 02:23:42 PM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    it is not easy , maybe it is the negligence of the owner that is why his or her account will hack , maybe also he is transacting people giving his own acct , the bottomline for me is the negligence .

    The other reason that i see is that the weakness of the password that the owner used .


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: mrscourge on February 03, 2018, 06:16:57 PM
    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.
    I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: lucky7GamingWannaRecover on February 03, 2018, 07:57:41 PM
    i had an account for years with a super long password with symbols and everything and it still got hacked.....not much I could do but lock it RIP.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: jtipt on February 04, 2018, 03:08:54 AM
    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.
    I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked
    You have been just lucky so far. Using 1 password for multiple websites is the worst thing. If one sites database gets leaked your password to multiple websites will be leaked and you will be prone to hacks.
    I would suggest rather use some password Manger like lastpass and use unique passwords for each website.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: sxafir on February 04, 2018, 07:13:28 AM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing is protect meldtown and spectre attack,even virtual machine.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: xxxgoodgirls on February 05, 2018, 04:11:18 PM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing is protect meldtown and spectre attack,even virtual machine.

    What about libreboot laptops certified by the Free Software Foundation?
    https://tehnoetic.com/
    https://store.vikings.net/x200-ryf-certfied

    edit It is still unclear if they are affected or not.