LTCMine hacking, change your passwords now (Pool ops, check the suspect list)

[tacotime]

List of LTCmine accounts compromised:
https://bitcointalk.org/index.php?topic=92522.msg1892862#msg1892862

This occurred after Balthazar banned a known botnet operator from his pool

It appears the attacker got the users/passwords from another pool by SQL injection, possibly coinotron:
pool-x.eu
litecoinpool.org
Burnside's pool (ltc.kattare.com)
give-me-ltc.com
NuKingsMiningCo

https://bitcointalk.org/index.php?topic=92522.msg1893276#msg1893276

Users are urged to change their passwords for all pools and lock their deposit addresses where they can.

edit:
List of attacker addresses
Litecoin
LZ799S7zBUwuj68MqSXqHudgGEgBvB2sKD

Bitcoin
1Mh9uHViV9MhBiW3tACQj5PB4JRx7tcJQx
1FxvLMD4nigvDi6ynaJpfsMxpWKcbtJeQL
1DxmLunbUVbkoXe7LTs1TM5Lftrz7ujccP
1JS6iyDne5DvwxwzCFyHZkUMYvpsCtL3uG

[coinotron]

I checked out today's payouts. There were no payouts to attacker addresses.
I didn't find any suspicious withdrawals or significant brute force attacks in last few days.


If those passwords were get from another pool, it certainly wasn't Coinotron.

[tacotime]

Okay, thanks for the information.

[milly6]

thanks for the info. +1 for info gathering

[mr_random]

+2 thanks for the info

[coinotron]

Just in case I disabled payouts for all users with account names from LTCMine list of hacked accounts:


a-bolt,imsaguy,MinerG,drjunk,pushyk,nikola,csandr,mutano,aili,Nabi,dextro,Tenechek,metal,skoomskoom,46d938,witcher,Goga43,

Enzo,Alekse777,Acidd,Sinner3232,scorpy,yanes,alexx,drozd,boroda,NTWII,a102030b,ttls,yuren,xefirot,mladen811,228,alexchel,zullus000,

stasson4ik,norman14,fujifotoguy,vatten,Happyendl,bogdan0410,dpushkarev,mining,forgaill,riv2013,NigikGmen,thor,rain,blindas,ekvelibriym,

dimadsp,superbrain,simcity44,calabass

EDIT
Only two of those accounts have some withdrawals today.

[g2x3k]

still floating some around i think but thats to be expected had one user getting his account compromised