Show Posts
|
Pages: [1] 2 »
|
Thank you! Email sent, fingers crossed. Happy new year!
|
|
|
One more nudge. More than a year has passed now.
|
|
|
I wonder why your compromised Full Member account theta with only -2 red trust reports to be Last Active on: November 23, 2017, 05:37:28 PM . What made the spammer abbandon it ? Hi, I'm not sure I understand the question, but the last activity is in Nov 23, 2017 because that's when I locked the account. I did it immediately as soon as I received the notification that my password was changed, as I mentioned that in the very beginning of this thread. So it's not that the hacker abandoned it, it's that it's locked and can't access it themselves. Either way, I just ignored your hacked account (however not sure if my current rank makes any difference) once you manage to recover your account you'll have to sign another message to confirm it, so I can remove my red trust. I believe starting a red trust campaign on those hacked accounts who has been reported + verified successfully will cause a significantly harm on those scammers who bought your hacked account for spamming / shady purposes.
I guess you are referring to a case where a hacker uses a hacked account successfully for a long period, in which case reducing their trust would compromise their strategy. In my case the hacker didn't even manage to post a single message because I locked the account immediately. I would love to have my account back and remove the red trust and go back to where we were. Perhaps as we approach the 1 year anniversary, a moderator will help me recover it!
|
|
|
bump can someone please take a look?
|
|
|
theta1's signed message is good. I verified it before, but I do not see the other thread it was in. Probably removed because of this thread. Hopefully someone can look into this soon, and the many other accounts like this. It would be nice if the forum would allow a "team" of volunteers to work on this issue. I'd sign up for it, and try to clear some space on this board.
Thank you. Is any mod watching please?
|
|
|
Yes, indeed. I have however already signed the required message with an address that was shown in my profile, as you can see from the discussion in this thread. I have sent the signed message to Theymos and Cyrus, and have received no response yet. I will wait for longer, while hoping that another mod /admin will help with action being taken to restore my account.
|
|
|
Yes, brute force very likely, aided by very bad forum design, in that they allow a user to change the account's registered email address without requiring approval by the old email or at least giving the option to reject the change! If it weren't for that the hack would be fruitless, as the rightful owner could easily change the password back (whereas right now the only defence is to lock the account).
|
|
|
Bump Can someone please look into this?
|
|
|
Once either Cyrus or Theymos reset the account, please let us know how the notification process work... Do they reply to our PM or do we periodically check the email address we asked them to reset to? Thank you for the clarification!
You will receive a PM that simply says: UNLOCKED. That's all I received when mine was unlocked last month. My account wasn't hacked so, it could also contain simple instruction for keeping your account safe. Was that a PM in the new account?
|
|
|
Bump Hope a mod will have a look Thanks for verifying the message. Can you please clarify what you mean regarding the date. 2017.11.24 is the day after the hack. I received the email about my account's email address and password change on Thu, Nov 23, 2017 at 5:35 PM (GMT), then followed the instructions to lock my account, created this new account and posted this thread on the same day, and then I tried to find a btc address linked to me. I found the one you posted as well, and signed it on November 24th (the following day). Is there something else that I need to do?
Sorry - that was a typo, and is fixed now. FWIW, I believe you've satisfied the requirements for recovery, the archived address goes back to 2013, so it's enough proof. Cyrus or theymos are the only two that can recover the account though, and it can take some time. If you have sent messages to both, waiting is your only next step. Thank you. That's fine, I can wait, I just don't want to lose the account. I assume it remains locked until further action is taken by the mods?
|
|
|
Thanks for verifying the message. Can you please clarify what you mean regarding the date. 2017.11.24 is the day after the hack. I received the email about my account's email address and password change on Thu, Nov 23, 2017 at 5:35 PM (GMT), then followed the instructions to lock my account, created this new account and posted this thread on the same day, and then I tried to find a btc address linked to me. I found the one you posted as well, and signed it on November 24th (the following day). Is there something else that I need to do?
Sorry - that was a typo, and is fixed now. FWIW, I believe you've satisfied the requirements for recovery, the archived address goes back to 2013, so it's enough proof. Cyrus or theymos are the only two that can recover the account though, and it can take some time. If you have sent messages to both, waiting is your only next step. Thank you. That's fine, I can wait, I just don't want to lose the account. I assume it remains locked until further action is taken by the mods?
|
|
|
Message was signed and verified in PM, signed message was dated "2017.11.24" which appears to be before the suspected hack. I've left feedback to alert others. -----BEGIN BITCOIN SIGNED MESSAGE----- My account theta has been hacked. Please reset the email to <omitted for privacy>. The current date is 2017.11.24. -----BEGIN SIGNATURE----- 1DUFbqqEf8PeH2ZpKf7ovLWpVLMh6urP63 G3Ze1Ug1KQy2rjt972Wrx8a7JhB6ykUHcV2AUyUUOqRhU02ufgJylGyIWSRykq6wf/BX19zqMXeRVN4zVtLdIFA= -----END BITCOIN SIGNED MESSAGE-----
Thanks for verifying the message. Can you please clarify what you mean regarding the date. 2017.11.24 is the day after the hack. I received the email about my account's email address and password change on Thu, Nov 23, 2017 at 5:35 PM (GMT), then followed the instructions to lock my account, created this new account and posted this thread on the same day, and then I tried to find a btc address linked to me. I found the one you posted as well, and signed it on November 24th (the following day). Is there something else that I need to do?
|
|
|
YES! This is the address I signed and sent the signed message to Cyrus and Theymos in PM. I'll send it to you too (in about 6 minutes that I will be allowed to with this new account) edit: it's 1 hour actually, not 6 minutes, so I'll send you the PM later. edit2: there's another limit, of 2 PMs a day, so your PM with the signed message (that 4 other people including Theymos and Cyrus already have) will arrive later tonight.
|
|
|
Καλησπέρα. Μόλις είδα όλες τις απαντήσεις. Συμφωνώ με τον bomber ότι κάποιος μπορείς να αλλάξει το post σου. Αυτό που δε μπορώ να καταλάβω είναι γιατί επιτρέπουν σε κάποιον να αλλάξει το email address ενός account χωρίς απαίτηση για επιβεβαίωση (ή έστω δικαίωμα άρνησης εντός ενός χρονικού ορίου) από τον ιδιοκτήτη του αρχικού email. Αυτό έγινε στη δική μου περίπτωση. Εντός ολίγων λεπτών έλαβα 2 email, ένα άλλαξε το email address και στο καπάκι το password (είδα και τα δύο email την ίδια στιγμή χωρίς φυσικά να προλάβω να μπω ενδιάμεσα, το μόνο που μπορούσα να κάνω είναι να κλειδώσω το λογαριασμό). Θα μπορούσε κάλλιστα να σε ενημερώνει ότι ζήτησες αλλαγή email address. Αν θες την επιβεβαιώνεις αμέσως, ή την ακυρώνεις, και αν δεν κάνεις τίποτα από τα δύο εντός Χ χρόνου (1 μέρα ή 1 βδομάδα π.χ.) τότε αυτόματα προχωράει η αλλαγή. Αυτό επιτρέπει αποτροπή hacking και επίσης recover account όπου έχεις χάσει την πρόσβαση στο email σου.
|
|
|
Earlier today I received an email saying that the email address of my bitcointalk account (theta) was changed, and then another one saying that my password was changed. The only option available was to lock the account and then try to recover it. I did lock it and then checked the instructions for recovery ( https://bitcointalk.org/index.php?topic=497545.0). They require signing a bitcoin address or a PGP key that was previously mentioned and therefore is known to belong to the account holder. The problem is I haven't publicly disclosed either so according to these instructions I can't recover my account. I find this hard to believe. First of all, how come an email address change is allowed without confirmation or at the very least time-locking from the previous email address? And how come I can't recover it now, again by returning ownership to the original email address? There must be another way to recover it. What shall I do?
|
|
|
|