wonax (OP)
Newbie
Offline
Activity: 19
Merit: 0
|
|
August 28, 2013, 11:13:35 AM |
|
My Mtgox account has been hacked .... it had $600+ .... someone with china ip address accessed the account ... move funds to BTC and withdraw it to bitcoin I am a developer and i m pretty sure that my system is secure with Kaspersky internet security ... and i dont get scammed with any type of phishing attack i don't know which type of security they had ... that anyone can access any other account....i didn't used any OTP/yubikey .... but cracking a website password indicates their bad security issues....as my system is secure, whom should i blame? me? add funds to mtgox or their website security
|
|
|
|
marcovaldo
|
|
August 28, 2013, 11:17:49 AM |
|
Do you have any proof that mt.gox was compromised? It would be much more probable that it was you.
Maybe you registered on an other website with the same password, and the website was a scam ...
|
BITEX | ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| The First Locally-Embedded, Yet Global, Crypto-Bank
| ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| WHITEPAPER | ANN JOIN WHITELIST NOW!
|
|
|
|
RaTTuS
|
|
August 28, 2013, 11:19:34 AM |
|
2FA use lastpass Kaspersky used the same login details elsewhere
|
In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....
1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
|
|
|
wonax (OP)
Newbie
Offline
Activity: 19
Merit: 0
|
|
August 28, 2013, 11:24:50 AM |
|
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account next day i logged into my email and get the mail of withdrawl information with ip information Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7 Date: 2013-08-27 22:31:32 GMT IP: 121.233.121.219
i have the same password for bitmit.net and i think they are a trusted compay ..... My old password is working .... the person only withdrawn the fund to its btc
|
|
|
|
marcovaldo
|
|
August 28, 2013, 11:26:31 AM |
|
keylogger, brute forced or whatever error you made. If anyone could access mt.gox database they would NOT choose an account with only 600$ :/
Sorry for your loss though
|
BITEX | ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| The First Locally-Embedded, Yet Global, Crypto-Bank
| ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| WHITEPAPER | ANN JOIN WHITELIST NOW!
|
|
|
|
levino
|
|
August 28, 2013, 11:29:54 AM |
|
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account next day i logged into my email and get the mail of withdrawl information with ip information Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7 Date: 2013-08-27 22:31:32 GMT IP: 121.233.121.219
i have the same password for bitmit.net and i think they are a trusted compay ..... My old password is working .... the person only withdrawn the fund to its btc
What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money.
|
|
|
|
wonax (OP)
Newbie
Offline
Activity: 19
Merit: 0
|
|
August 28, 2013, 11:32:27 AM |
|
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?
|
|
|
|
marcovaldo
|
|
August 28, 2013, 11:34:04 AM |
|
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?
You obviously chose an easy password, and the same for different website. :/ It was a mistake.
|
BITEX | ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| The First Locally-Embedded, Yet Global, Crypto-Bank
| ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███ ███
| WHITEPAPER | ANN JOIN WHITELIST NOW!
|
|
|
|
wonax (OP)
Newbie
Offline
Activity: 19
Merit: 0
|
|
August 28, 2013, 12:17:03 PM |
|
yes i know ....i used the same password.... and levino i m currently MCS and doing MS(CS) ....some time develops some php websites ....And after the mistake of same pass i got my lesson from it...
|
|
|
|
jantenner81
Full Member
Offline
Activity: 228
Merit: 100
CIYAM - UI/UX design
|
|
August 28, 2013, 12:25:07 PM |
|
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account next day i logged into my email and get the mail of withdrawl information with ip information Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7 Date: 2013-08-27 22:31:32 GMT IP: 121.233.121.219
i have the same password for bitmit.net and i think they are a trusted compay ..... My old password is working .... the person only withdrawn the fund to its btc
What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money. +1 don't use any password twice ...
|
AT - Automated Transactions CIYAM | Developer
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
August 28, 2013, 01:37:56 PM |
|
Scan your computer for malware. Kaspersky is not good enough.
|
|
|
|
wonax (OP)
Newbie
Offline
Activity: 19
Merit: 0
|
|
August 28, 2013, 02:05:34 PM |
|
If its malware then i have more bitcoins ....but they are intact
|
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
August 28, 2013, 02:10:33 PM |
|
Scan your computer for malware. Kaspersky is not good enough.
kaspersky is good enough but for added protection use malwarebytes now your covered all angles if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password www.passwordmeter.com/ check out your passwords XD
|
|
|
|
levino
|
|
August 28, 2013, 02:22:17 PM |
|
Scan your computer for malware. Kaspersky is not good enough.
kaspersky is good enough but for added protection use malwarebytes now your covered all angles if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password www.passwordmeter.com/ check out your passwords XD You are kidding me, right? Are all people here this badly educated about the very simple topic of internet security? There is today only one way to do it right: Get Lastpass and choose a really secure last password (Just read up about how to choose and remember it. 20 chars of random jibberish should be a good start. And YES everybody who has the right to vote should be able to remember such a password). Get a Yubikey. Get GoogleAuthenticator. Use a unique password generated by Lastpass for every site (20 chars from all possible characters) Use 2 Factor Auth on any service that offers it. If Yubikey and GoogleAuth are offered, use Yubikey (Hardware before Software). --> Sleep tight at night.
|
|
|
|
coastermonger
Sr. Member
Offline
Activity: 367
Merit: 250
Find me at Bitrated
|
|
August 28, 2013, 03:08:33 PM |
|
Did we confirm that OP was using 2-factor? Because that would save him the biggest headache there, even if his password was compromised it's another layer of security that can't easily be cracked
|
Bitrated user: Rees.
|
|
|
RaTTuS
|
|
August 28, 2013, 03:59:46 PM |
|
OP said he wasn't but the OP needs to clean his machine NOW he has a keylogger [my guess] also he should use lastpass after he has cleaned himself
|
In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....
1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
|
|
|
peonminer
|
|
August 28, 2013, 04:43:44 PM |
|
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?
A dictionary based password for your $$$? D=
|
|
|
|
danympp81
|
|
February 01, 2014, 07:16:45 AM |
|
my account has been compromissed and after 12h nobody from mtgox got in contact with me, it seems that the address kept the BTC for a while so maybe there was something to do but they are to lazy and i am not that important.
i didn´t have the 2FA because i don´t have android mobile but that doesn´t mean that mtgox should clean their hand and do nothing. they should have some responsabilties. other exchanges request you to click a link on the email they send to confirm the transaction. if it was like that i wouldn´t been hack because my email hasn´t beeen compromissed.
i know one that will not use mtgox again and will try to do my best to expando my experience around the forums so people is aware about mtgox
|
|
|
|
RaTTuS
|
|
February 03, 2014, 12:26:07 PM |
|
it's nothing to do with mtgox - if you use a comprised machine or share username / passwords or use free wifi there are many ways of 2FA .. learn how to protect yourself online -
|
In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....
1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
|
|
|
|