Bitcoin Forum

Other => Meta => Topic started by: The_Tribesman on January 31, 2018, 02:22:57 AM



Title: Why is it so easy to hack BitcoinTalk accounts??
Post by: The_Tribesman on January 31, 2018, 02:22:57 AM
Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??


Title: Re: Why is it so easy to hack BitcoinTalk accounts??
Post by: EcuaMobi on January 31, 2018, 02:57:31 AM
Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??
I think the reasons are:
  • The breach you mention, combined with users not changing their password after that happened
  • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
  • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all


Title: Re: Why is it so easy to hack BitcoinTalk accounts??
Post by: Thirio on January 31, 2018, 03:53:19 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I got the same question since everyone's posting about their account was allegedly hacked. But most probably (just my opinion) those accounts were:

    1. The breach you mention, combined with users not changing their password after that happened
    2. Victims of phishing links (e.g. https://bitcointalk.org/index.php?topic=2846517.0)
    3. Victims of phishing sites (e.g. sites that are identical to the forum https://bitcointalk.org/index.php?topic=2841740.0)
    4. Their negligence, giving their pw to their accounts or maybe even a hint to it. Although this may seem dumb, but it's the reality.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The Sceptical Chymist on January 31, 2018, 04:11:12 AM
    I agree with what EcuaMobi put forth there, and I've always considered that people here are greedy enough--and plain stupid enough--to fall for phishing links and malicious downloads.  We've all seen people figuratively killing each other for a task that pays 5000 satoshis or something ridiculous.  Idiots are willing to do just about anything for bitcoin, so it doesn't surprise me in the least that a lot of people are getting their password pockets picked.  

    But yeah, lately it's been crazy in meta with all the threads about getting hacked.  You'd think people would learn, but no.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: desklamp on January 31, 2018, 04:32:29 AM
    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! Oops, sorry, I forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that I got. Thank you for reminding me or pointing that out.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: AfterTheFork on January 31, 2018, 04:34:07 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    The breach is all the problem, add to it phishing links sent by newbie accounts to old members, accounts hashes can still be purchased on the dark web, based on what I've found on Google.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: TryNinja on January 31, 2018, 05:13:53 AM
    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! Oops, sorry, I forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that I got. Thank you for reminding me or pointing that out.
    Did you forget to include the source for those as well? ::)

    A “wallet” is basically the Bitcoin equivalent of a bank account. It allows you to receive bitcoins, store them, and then send them to others. There are two main types of wallets. A hot wallet is one that you install on your own computer or mobile device. You are in complete control over the security of your coins, but since they are on a device that is connected to the internet they are less secure. The second type of wallet is a hardware wallet. They maintain high levels of security to protect your coins by storing your coins offline. Offline storage keeps your coins and data out of reach from hackers.
    Original: https://www.buybitcoinworldwide.com/wallets/set-up/

    It seems that nearly every day there’s another report of a major hacking. And as the number of hacks increase, consumer desires for security increase as well. Blockchain is the model of internet security, that doesn’t produce a fully secure system for users. There are a number of important safety and security practices that can help to protect your private keys and therefore protect your funds.
    First it is wise to find a wallet with security measures beyond the normal wallet providers. Some wallets are now using encryption to protect the private keys. Users should always have at least two digital wallets. One wallet should be used for trading and transactional purposes, and the other wallet should be used to store savings and be kept in a secure location. This type of wallet must be a cold storage wallet. In anyway, a backup of the private keys have to be stored safely offline. These two safety tips can help you to avoid hacking your wallet.
    Original: https://cryptopotato.com/9-must-tips-securing-crypto-wallet/

    Some people don't have enough knowledge when talking about bitcoin, they see bitcoin as an online game because they know that the value of bitcoin may go down or go up. Those sudden ups and downs would be bad news for them. Although bitcoin had a more than 100% return on investment in 2016, it’s also five times more volatile than the S&P 500, so for them bitcoin is “an extremely risky investment.” They fear that they can't get a big payday that they were hoping for.
    Original: http://time.com/money/4623650/bitcoin-invest/

    I believe there are even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry :P. Btw, can anyone tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The_Tribesman on January 31, 2018, 08:57:42 AM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I think the reasons are:
    • The breach you mention, combined with users not changing their password after that happened
    • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
    • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all
    Interesting. I changed my password to what I thought was a strong password generated using https://passwordsgenerator.net/ which 'should' be good enough.

    I guess I should have changed it more often, but has there been another breach that we don't know of, OR could it be that the site is constantly being breached so no account is really safe?

    Roll on 2FA!


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: xxxgoodgirls on January 31, 2018, 11:24:52 AM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: pablito1989 on January 31, 2018, 11:29:18 AM
    2FA it's really necessary nowadays... I hope they will implement it soon..


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: The_Tribesman on January 31, 2018, 12:38:09 PM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    I'll check it out. Thanks for the advice


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: LTU_btc on January 31, 2018, 12:54:34 PM
    There are several main reasons why there are so many hacked accounts. First of all, many users are using same short, easy to remember passwords on every website. It's convenient to use, but such passwords are very weak. Passwords should be more complex. It has to be longer, with random numbers and special symbols like @,#,$,฿ and similar.
    People aren't careful. They click phishing links, download stuff from suspicious websites and get a keylogger this way.
    Of course, lack of 2FA doesn't help to protect accounts. But as I read in past, it's very difficult to integrate Google 2FA to bitcointalk. But even if 2FA would be implemented, I'm sure that there still will be many people who will not use it because they think "it won't happen to me, my password is strong enough".
    My account was also hacked in past, but luckily, admin restored it. I've used strong password on Bitcointalk but it didn't help. The problem was that that hacker was able to login to my email account (I used really weak password and no 2FA). It was not problem on Bitcointalk side and I had to blame only myself that my account was hacked.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: Silberman on January 31, 2018, 06:13:56 PM

    I believe there are even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry :P. Btw, can anyone tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

    If you want to report this user maybe you could use the thread of LoyceV about users copy pasting, I have seen some other users making their reports there, but just in case ask LoyceV if it is OK to post your reports there. This is the link.

    https://bitcointalk.org/index.php?topic=1926895


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: lukyanli on February 02, 2018, 09:53:06 AM
    Most of the people are lazy with passwords. Hackers simply bruteforce the usernames with commonly used passwords.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: White-Grey-Black on February 03, 2018, 11:39:07 AM
    Here in forums, the usernames are open to the public, so it will be very easy for attackers to hack someone else's account easily unless users keep a unique password for every account (some users keep same passwords for every site). If people use the same password for every site registrations then it would be easy for attackers.

    And it would be a good idea if bitcointalk forums provide a nickname option (so that the username won't be public and it would be difficult for intruders to do any bruteforce or other social engineering techniques).

    Thanks


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: smilyfaith on February 03, 2018, 01:35:00 PM
    I use base keyword and combination of numbers and special characters.
    So, password is different for each sites but also easy to remember.

    I am uncomfortable with most autogenerated passwords as they are too complicated
    and can't remember when logging in from different device. It's a headache. So, I only use
    them for sites that I rarely need to login like cpanel and others.

    In the end you have to use autofill option in your browser for it.

    Also these days when creating registering most sites will not accept passwords unless they are very strong
    combination of special characters, numbers and mix of capitalization.

    Not a web developer but I think it's easy to implement the same password system
    on this forum.

     


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: AmazingDynamo on February 03, 2018, 02:23:42 PM
    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    It is not easy, maybe it is the negligence of the owner that is why his or her account will hack, maybe also he is transacting people giving his own acct, the bottom line for me is the negligence.

    The other reason that I see is that the weakness of the password that the owner used.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: mrscourge on February 03, 2018, 06:16:57 PM
    Most of the people are lazy with passwords. Hackers simply bruteforce the usernames with commonly used passwords.
    I have really many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: lucky7GamingWannaRecover on February 03, 2018, 07:57:41 PM
    I had an account for years with a super long password with symbols and everything and it still got hacked.....not much I could do but lock it RIP.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: jtipt on February 04, 2018, 03:08:54 AM
    Most of the people are lazy with passwords. Hackers simply bruteforce the usernames with commonly used passwords.
    I have really many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked
    You have been just lucky so far. Using 1 password for multiple websites is the worst thing. If one site's database gets leaked your password to multiple websites will be leaked and you will be prone to hacks.
    I would suggest rather use some password manager like LastPass and use unique passwords for each website.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: sxafir on February 04, 2018, 07:13:28 AM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing protects against Meltdown and Spectre attacks, even a virtual machine.


    Title: Re: Why is it so easy to hack BitcoinTalk accounts??
    Post by: xxxgoodgirls on February 05, 2018, 04:11:18 PM
    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing protects against Meltdown and Spectre attacks, even a virtual machine.

    What about libreboot laptops certified by the Free Software Foundation?
    https://tehnoetic.com/
    https://store.vikings.net/x200-ryf-certfied

    Edit: It is still unclear if they are affected or not.