Bitcoin Forum

Some people on here claimed that there BTT account got hacked or stolen I want to ask how this is possible, before someone can hack your account they need to get access to your email account right? If I am wrong can someone tell me how I can avoid this at all cost? .....

Make sure you aren't clicking on any phishing link, use a password which is combined of Capital and small letter, number and special character. Of course, avoid using common password. You are fine if you follow this.

A common phishing method-
People will send you message here saying they have responded in your topic/post and share link. Link will be seen as simple and from bitcointalk but the link inside is a phishing site.

A link can also be sent you in a PM, if you click on the link, it would take you to a fake bitcointalk login page. If you enter you email and password, the hacker would know both and would be used to compromise your bitcointalk account.

To keep you account safe:
Use a strong password
Avoid the link I explained up there
Read this: Tips on how to keep your Bitcointalk forum account safe. (https://bitcointalk.org/index.php?topic=5415461.msg61035839#msg61035839)
Always check your IP logs (https://bitcointalk.org/myips.php)

It is not only by having access to your email that hackers can hack your account. There are many methods, but majority of hacked account was when the bitcointalk itself was hacked or hijacked, many people lost their account then.

Also you can lose your account by phishing bait, by clicking another link to login to a malicious website thinking it's btt.

Again your username is "Tamedbeast", a hacker can try to login your account by guessing random passwords like "TamedBtt" "Beast1234" "BeastTamed" and could be lucky if you use weak and guess able passwords.

You have to be privacy conscious even offline when using your phone close to friends or untrested people too.

Try learn how to protect your account, there's a bunch threads in this forum already explain it, just use google search to find it.

In short, if you want to protect your account, you can follow this few guide:
1. Sign a message from your non custodial wallet.
2. Hide your email address from public.
3. Make sure your account in this forum and email have different password.
4. Create strong password with various combination and use 2FA (if possible).
5. Regularly change your password every month.

It's not necessary a hacker needs to access your email in able to hack your account(assuming BTT changing password procedure doesn't change) since it only needs to determine your username and password here to access your account to change password and email. You will just have a notification on email to that you change your account details and have a time to recover it using the email but it's nonsense if the account being hacked is not active anymore.

Most of the account being are dormant account which hacker being target by brute forcing it. Having a 2FA and strong security password is the best way to protect your forum account aside from the basic security knowledge mention above by other user.

If they wanted to own that bitcointalk account then yes, and changed the email to their own a message will be send to the original email used to create the account.

To avoid that then make sure you keep your email associated with it safe and far from malicious sites that can steal your account details. Also to retrieve that account the only way is to have a signed bitcoin message that you own so even your details got stolen, as long as you can prove the authencity of that then they will gave your account back.

Two mandatory steps to do for account safety.

Different passwords for all different accounts. Don't resue any password on many platforms.

It should be set up for email that you use to register your account.

Because forum account can be hacked by a password reset via email. If you email is hacked, your forum account will be hacked by password reset via email.

If you are not sure that you can protect your email safely, you can use a non existing email address. So your forum account can not be hacked via email. If you do this, you have to do the first step, signing a message that is helpful for account recovery later.

Good advice but not enough. When you change your password, make sure they (old and new passwords) don't have anything related to each other, don't have any template format like "MyforumpasswordSeptember2022" and "MyforumpasswordOctober2022".

Make sure to use a special Browser and also a special Email that has not been used anywhere, also make sure to turn off the visibility of your email on the forum through the forum settings.
Example, me. I use only chrome browser for my account and nothing else. I do all my browsing on firefox browser but when it comes to logging into my Bitcointalk account, I only use chrome. I do this to avoid clicking some phishing sites that may compromise my password.  For my account email, I don't bother my self about my mail box since am awear am not expecting any email because I don't use the email any were.

I have looked at your profile. You are not acting on your own advice :). Or do you suggest changing the password in the mail every month? I think it's too vain. 
If my password consists of 15-20 or more characters, including all characters and letters in different cases, the probability of cracking the password is reduced to nothing. Another thing is how I store this password. This is more important. 
Also on topic, OP, there's a thread where Lafu catches all sorts of malware on the forum. You can just read it and see how accounts can be hacked. In addition, you will learn a good lesson: you should not trust the promises of profit and follow different links.

Report Malware and Suspicious Links here so Mods can take Action ! (https://bitcointalk.org/index.php?topic=5182222.msg52373139#msg52373139)

Sign a message with your Bitcoin address and post it on this forum there is a thread dedicated to that purpose once you post the sign message from your wallet and post it here any time your account get hijacked by hacker you can report it here and sign a message using that sae address and moderatoer whelp tpu recover your account.

There is nothing special about the forum, you will have the same level of security as if you secured social media accounts (perhaps less due to the lack of features of two-factor authentication)

But even hackers do not try to steal newbie accounts because it does not provide any additional advantage to them.

So creating account with strogn password, hide your email a,d sign a message will be enough.

Thats not true , just remember when the flood of Fake Anns with Malware downloads was ongoing , or the hackers posted there stuff in the Phoenixminer thread.
Mostly they havnt cared about what Account or rank they got hacked , just for getting the Malware spread wherever they can.

Check every link or download link here on the Forum (and also everywhere else) 2 or 3 times before click it or downloading something.
So there is a few ways that you can get hacked maybe the following links can be also informative for you .

PM links in Discord Deskt. client can steal your Password ,Cryptocurrencies ! (https://bitcointalk.org/index.php?topic=5256348.0)
Guide and advice for new Users before you Download anything from the Forum ! (https://bitcointalk.org/index.php?topic=5167236.0)

Yeah I know, I'm regularly changing my password on the other sites, not in this forum because my password is already strong enough and almost impossible to get hacked. Another thing I don't like my history got recorded, it's just my personal reason.

However I think all of my suggestion are correct and it doesn't harm any users if they're following my advice.

There's will be a lot small to tiny thing that can help keep our accounts safe, but it doesn't need to be mentioned since it's similar like how you protect your money from anyone else.

There is no single universal solution to avoid getting hacked, but general rule is not clicking any links in private messages you receive.
Hiding your email address is also a good idea, and you can sign a message with Electrum wallet to prove ownership of your bitcoin address.
You can bookmark bitcointalk forum page in your browser, to avoid getting tricked with fake log in phishing attack.
 

Exactly as long as members of this forum avoid clicking on phishing links and logging in from different devices and browsers.
Securing the account with strong password will be enough to protect one forum account, the rate of accounts hack have reduced significantly lately and this is because members of this forum are becoming more aware of the many tricks that hacker employer to steal personal log in details, so member are becoming more pro active in security and how to better protect their social media accounts including this forum.

You got some suggestions on how to keep safe your account on Bttalk, I would suggest that stake your bitcoin address, which you certainly have access to (private key of course). it may not save your account from being hacked, but it will definitely help you recover your account in case a hack does happen.
Here is a thread: Stake your Bitcoin address here (https://bitcointalk.org/index.php?topic=996318.11620)

Some people don't use valid email to create the account of bitcointalk in their newbies stage, so i believe that is one of things that grant permission of penetrating someone account, or you exposed your email in your profile, so it's can be easily be hacked by breaking into the email. So it's good for someone to create account with valid email address so that if the email is been tampered a notification will be received.

A strong proof of ownership is this stake Bitcoin address, just sign a message of the stake address and your hacked account will be back in a short period of time.  Always checking your IP logs as above said was also very helpful to monitor your account if the hacker won't change your password after hacking but in this very rare case, most of the time they will change your password.

It's our diligence to always keep safe our account, I've been here for how many years and I never change even once my password but I know my account is safe, sometimes being paranoid of our account security, the high chances that it will be lost or hacked.

It's probably the inactive or abandoned accounts that are primarily targeted by hackers. So we wouldn't know whether old accounts that have now waken up after a long period of inactivity are already hacked and probably sold to another person. Unless the posting style is too noticeably different, it might not easily be detected.

Hacking active accounts would only disappoint the hackers as the owner could easily create a new one and alert the entire community about the incident. The original account could be retrieved. Until then, it could be red-tagged.

like that. member sign up with a random email. then they replace it with a valid email.
but for the case of the bounty hunter account, it doesn't seem too much of a problem.

We don't know how hackers started taking over other people's accounts. but if that happens, I think the forum has provided a rule for us to reclaim our hacked account.

The problem is, as @Darker45 said, most hackers target accounts that have been inactive for a long time. if the email used is linked to a mobile device, the owner may get a notification. but if you have lost access to email, that will make it difficult.

But there are sometimes one  might have network connection problem, either from the network providers or from climate (weather), so he might use a trusted friend device to login to the forum.

It is not good or advice to use another person who is not trusted or familiar device to login to your email or any other sites you are using. I have seen a friend hacked a friend sister Facebook account. Because she login to his phone and checked something.

Hackers hacked accounts from links sent to them in mostly. Don't click those links you social media accounts or your email addresses. Avoid showing your password to people (cyber cafe operators) to do something for you because you are in hurry.

There are several ways through which one can secure their account from being hacked, and I will just mention a few, though I believe most of it have been mentioned by other users...
1. Secure your email account with a very strong password, if possible, activate 2fa on your account.
2. Secure your bitcointalk account with a very strong password as well.
3. Maintain the habit of accessing your bitcointalk account from one browser, on both your computer and mobile phone, this is keep you logged in for as long as you are active, anytime you open a site, and the site looks like Bitcointalk and asked you to enter your login details again, you can easily know its a phishing site that wants to steal your bitcointalk login information.
4. Avoid clicking wild links, especially links that are shortened, without any description of what or where the link leads to.
5. Keep your bitcointalk account away from your friends and family, give no one access to your account.
6. Keep your phone or computer locked when not in use, and also make sure they are free from viruses, malicious softwares, etc.
And lastly...
7. If your bitcointalk account is so important to you, then guide and protect it with your life, after all, remember the proverb... where a man's treasure is, there is his heart.

The only problem with this approach is if the forum did have an event which required users to recover their accounts without their password, these users might be stuck. Especially, if they haven't staked an address or have any other adequate proof of ownership.

Although, there are definitely pros of going this route. Privacy being the obvious one, but it could potentially add security in certain ways. However, I tend to think from a security stand point it's better to have an email, and make sure that email is secured, than to reduce the attack vector, but lose some of the convenience of account recovery.

Not sometimes, some members declare their account got hacked by a buyer who didn't pay him. Yes, he gives all the details to the buyer, including password, email, and even private key on sign message (https://bitcointalk.org/index.php?topic=996318.0), and after giving at all, the buyer went never come back to the seller. then a seller declare here to tell a lie he was hacked.