Thank you! Email sent, fingers crossed. Happy new year!

bump

One more nudge. More than a year has passed now.

Hi,
I'm not sure I understand the question, but the last activity is in Nov 23, 2017 because that's when I locked the account. I did it immediately as soon as I received the notification that my password was changed, as I mentioned that in the very beginning of this thread. So it's not that the hacker abandoned it, it's that it's locked and can't access it themselves.

I guess you are referring to a case where a hacker uses a hacked account successfully for a long period, in which case reducing their trust would compromise their strategy. In my case the hacker didn't even manage to post a single message because I locked the account immediately.
I would love to have my account back and remove the red trust and go back to where we were. Perhaps as we approach the 1 year anniversary, a moderator will help me recover it! 

bump

bump
can someone please take a look?

bump

Thank you. Is any mod watching please?

Yes, indeed. I have however already signed the required message with an address that was shown in my profile, as you can see from the discussion in this thread. I have sent the signed message to Theymos and Cyrus, and have received no response yet. I will wait for longer, while hoping that another mod /admin will help with action being taken to restore my account.

Bump

Yes, brute force very likely, aided by very bad forum design, in that they allow a user to change the account's registered email address without requiring approval by the old email or at least giving the option to reject the change! If it weren't for that the hack would be fruitless, as the rightful owner could easily change the password back (whereas right now the only defence is to lock the account).

Bump
Can someone please look into this?

Was that a PM in the new account?

Bump
Hope a mod will have a look

Thank you. That's fine, I can wait, I just don't want to lose the account. I assume it remains locked until further action is taken by the mods?

Thanks for verifying the message. Can you please clarify what you mean regarding the date.
2017.11.24 is the day after the hack. I received the email about my account's email address and password change on Thu, Nov 23, 2017 at 5:35 PM (GMT), then followed the instructions to lock my account, created this new account and posted this thread on the same day, and then I tried to find a btc address linked to me. I found the one you posted as well, and signed it on November 24th (the following day).
Is there something else that I need to do?

PM sent last night

YES!
This is the address I signed and sent the signed message to Cyrus and Theymos in PM.
I'll send it to you too (in about 6 minutes that I will be allowed to with this new account)
edit: it's 1 hour actually, not 6 minutes, so I'll send you the PM later.
edit2: there's another limit, of 2 PMs a day, so your PM with the signed message (that 4 other people including Theymos and Cyrus already have) will arrive later tonight.

Καλησπέρα.
Μόλις είδα όλες τις απαντήσεις.
Συμφωνώ με τον bomber ότι κάποιος μπορείς να αλλάξει το post σου. Αυτό που δε μπορώ να καταλάβω είναι γιατί επιτρέπουν σε κάποιον να αλλάξει το email address ενός account χωρίς απαίτηση για επιβεβαίωση (ή έστω δικαίωμα άρνησης εντός ενός χρονικού ορίου) από τον ιδιοκτήτη του αρχικού email. Αυτό έγινε στη δική μου περίπτωση. Εντός ολίγων λεπτών έλαβα 2 email, ένα άλλαξε το email address και στο καπάκι το password (είδα και τα δύο email την ίδια στιγμή χωρίς φυσικά να προλάβω να μπω ενδιάμεσα, το μόνο που μπορούσα να κάνω είναι να κλειδώσω το λογαριασμό).
Θα μπορούσε κάλλιστα να σε ενημερώνει ότι ζήτησες αλλαγή email address. Αν θες την επιβεβαιώνεις αμέσως, ή την ακυρώνεις, και αν δεν κάνεις τίποτα από τα δύο εντός Χ χρόνου (1 μέρα ή 1 βδομάδα π.χ.) τότε αυτόματα προχωράει η αλλαγή. Αυτό επιτρέπει αποτροπή hacking και επίσης recover account όπου έχεις χάσει την πρόσβαση στο email σου.

Earlier today I received an email saying that the email address of my bitcointalk account (theta) was changed, and then another one saying that my password was changed.
The only option available was to lock the account and then try to recover it.
I did lock it and then checked the instructions for recovery (https://bitcointalk.org/index.php?topic=497545.0). They require signing a bitcoin address or a PGP key that was previously mentioned and therefore is known to belong to the account holder.
The problem is I haven't publicly disclosed either so according to these instructions I can't recover my account.
I find this hard to believe.
First of all, how come an email address change is allowed without confirmation or at the very least time-locking from the previous email address? And how come I can't recover it now, again by returning ownership to the original email address?
There must be another way to recover it. What shall I do?