I want to see how different users got hacked, then we can differentiate the pattern and procedure these hackers do.
This could be a serious problem so I would greatly appreciate any help from users who were hacked or know someone who was hacked.
It would be great if you guys can share with us your experience then I would edit this first post and quote those experiences. I also suggest make the "experience part" as short and as simple as possible too.
Thanks!
EDIT:
Here are some of community replies.
Reuse of credentials is likely the most common reason, combined with the lack of 2FA offered on the forum. There are many database breaches (I believe BitcoinTalk also had one in 2015) from many notable sites that people may have had an account on. They would have used the same credentials on BitcoinTalk, and a hacker would have gone through the list of leaked account info and tried it against BitcoinTalk.
I think because of phishing sites like Bitcointalk.to
if you are not careful, you will believe that the domain Bitcointalk.to is the same with Bitcointalk.org but they are different!
if you are not careful, you will believe that the domain Bitcointalk.to is the same with Bitcointalk.org but they are different!
Users are not just nicknames in the computer world. They "consist" at least of:
- themselves (the real persons who sleep, eat etc);
- their devices (PCs, phones, laptops, tablets, smart TVs
- ways to connect their devices to bitcointalk.org server or any-other-Internet-server (routers, WiFis, DNS etc);
- public Internet-services related to themselves and bitcointalk.org or any-other-Internet-service.
And almost any of these can be vulnerable.
Themselves. Root of evil in most cases. Here we've got:
- weak passwords (only lazybones didn't mention the weak passwords);
- passwords we use for different services (for example, identical password for facebook and for bitcointalk.org, so if facebook account gets hacked, it's highly possible that bitcointalk.org gets hacked too);
- many fine human qualities like stupidity, nonchalance, curiosity and inattention: passwords written on piece of paper and then sticked to monitors to be shown on youtube-video; "indifference" to URLs of sites where people plan to work with money (phishing, yes); irrepressible aspiration to read messages from tax service that tax service never sends; desire to tell everyone that you're
(I'm sure I didn't mention them all.)
Their devices. Here we've got:
- poorly protected operation systems: because you need to use Qubes OS but continue to use outdated and unconfigured Windows HP - or because you start everything with "root" privileges
- viruses, malwares, keyloggers and other "gifts" for antivirus-free machines (and for users who like to download the super-files from cool site letshackeverythingdotcom);
-
(I'm sure I didn't mention them all.)
Methods and devices to connect. Here we've got:
- our IPs;
- leaky cheap routers;
- sincere third-party workers who come to configure our leaky cheap routers;
- curious neighbors (or curious neighbors' children) who decided to check if they're good hackers or not;
- public WiFi's, which curious neighbors and their curious children use to check if they at least can "listen" to something that doesn't have a password;
- poorly protected devices connected to home networks.
(I'm sure I didn't mention them all.)
Public Internet-services. Here we've got:
- weak passwords for public Internet-services (e-mail, for example);
- poor protection when you can use better protection (when someone doesn't use the 2fA, right);
- autologin and "remember my password" - especially when you log in from device using by a bunch of people;
- trivial security questions in social media or e-mails (for example, someone sets a question "the name of my dear kitty" for his/her social media account - when everybody knows everything about that kitty from his/her posts).
(I'm sure I didn't mention them all.)