Bitcoin Forum
Author Topic: About the recent server compromise  (Read 15325 times)
monbux
Legendary
*
Offline Offline

Activity: 1736
Merit: 1029



View Profile WWW
May 25, 2015, 09:18:10 PM
 #141

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?
alani123
Legendary
*
Offline Offline

Activity: 2408
Merit: 1440


Leading Crypto Sports Betting & Casino Platform


View Profile
May 25, 2015, 09:20:15 PM
 #142

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

It's also loading slower for me, although I'm confident that this will improve throughout the day.

Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
May 25, 2015, 09:28:06 PM
 #143

I don't think he stated or insinuated that, just that people should consider using them.

Have others received an email from the forum? I took a quick peek. Just want to verify if isn't something fishy.

Yes, they were sent out by theymos en masse, though that doesn't mean you might not have received a phishing mail. I'm sure the hacker will try something with our emails.
Well yes, I do agree on that. People should consider using one and using Protonmail (or a similar service) with Bitcointalk. Using that email only for Bitcointalk is also recommended.
I'm pretty sure that individuals will receive emails in the future; whoever uses the same email for other services too will receive a taste of social engineering.

I recall theymos saying that deleted PMs and posts are kept in the db? This is a concern (especially PMs) in situations like these. Hopefully PMs have not been compromised.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
fronti
Legendary
*
Offline Offline

Activity: 2909
Merit: 1308



View Profile
May 25, 2015, 09:32:15 PM
 #144


After he got KVM access, the attacker convinced the ISP NFOrce that he was me (using his KVM access as part of his evidence) and said that he had locked himself out of the server. So NFOrce reset the server's root password for him, giving him complete access to the server and bypassing most of our carefully-designed security measures. I originally assumed that the attacker gained access entirely via social engineering, but later investigation showed that this was probably only part of the overall attack. As far as I know, NFOrce's overall security practices are no worse than average.


To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.


please do so!

If you like to give me a tip:  bc1q8ht32j5hj42us5qfptvu08ug9zeqgvxuhwznzk

"Bank robbery is an enterprise for dilettantes. True professionals found a bank." Bertolt Brecht
hilariousandco
Global Moderator
Legendary
*
Offline Offline

Activity: 3822
Merit: 2633


Join the world-leading crypto sportsbook NOW!


View Profile
May 25, 2015, 09:44:17 PM
 #145

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308
Merit: 250



View Profile
May 25, 2015, 09:47:25 PM
 #146

If our account still gets compromised, are you still able to revert permissions back with a PGP btc address to confirm user?

Yes. I also have a database snapshot from a little before the attack which I can use to verify people by email if necessary.
I'm sorry, but has theymos actually confirmed his forum identity after the attack yet?  And also, is it just me or is the forum currently loading slower than normal?

Was running ok earlier but it's got a bit sluggish now, but that's to be expected as everyone tries logging on and resetting their passwords etc. Wouldn't surprise me if the forum will get ddosed as well.

ddosbtc is fucking around with his annoying booter.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
cinnamon_carter
Legendary
*
Offline Offline

Activity: 1148
Merit: 1018


It's about time -- All merrit accepted !!!


View Profile WWW
May 25, 2015, 10:12:43 PM
 #147

Did he confirm his identity ??

check the pgp signature in the e mail you would have got.

that confirms it

----------

Thanks for these details.

Also the people running this board CANNOT control if someone social eng. the employee's working or the isp.
This hack is not on them.

Furthermore I would suggest to everyone to do what i do regarding forums or anything else you 'sign up for' ....

Always use different e mail addresses and long difficult passwords, (also login names if possible)

If the information in the op is correct my password is good for several million years at present technology although I did change it as recommended.

Another item to remember.  If you use the e mail for this forum for other 'accounts' , for example twitter, or a coin exchange.....  remember for many places your e mail address is as good as your log in name.....

Therefore it may make it MUCH easier for someone to attack you someplace else unless you use only e mail addresses for one place. 

Anyone who uses the same password for more than one thing in life is just a sitting duck in cyberspace waiting to be taken out.

Personally what I am most curious about is why someone would go to such trouble to hack this forum ?

As most here are going to be way above average in security habits the chance of getting a password to something else is almost nil (and they were not stored in plaintext although I guess the attacker may have hoped they would be) . 

Was it an enemy of bitcoin ??

Was it a teenager hoping to be a famous hacker ?? (doubtful no one claimed responsibility or posted information to pastebin proving they pulled this off)

Was it some curious person wondering if they could figure out who Satoshi is ??

Was it a wealthy jealous spouse that paid a private investigator a lot of money to 'sniff out' all their spouses online activity ?

Was it a team of scammers hoping to steal bitcoin ??

I wonder....


When hacks take place they remind everyone how important it is to practice good secure methods on everything.  I guess now we wait and watch........ see what happens next.

   

Check out my coin Photon
Merge Mine 5 other Blake 256 coins - 6x your hash power  https://www.blakecoin.org/

The obvious choice is not always the best choice.

LOOK DEEPER - Look into the Blake 256 Family -- CC
kolloh
Legendary
*
Offline Offline

Activity: 1736
Merit: 1023


View Profile
May 25, 2015, 10:29:32 PM
 #148

Thanks for the info and hope you are able to figure out exactly how it happened.
Gervais
Sr. Member
****
Offline Offline

Activity: 366
Merit: 250



View Profile
May 25, 2015, 10:30:46 PM
 #149

Personally what I am most curious about is why someone would go to such trouble to hack this forum ?

As most here are going to be way above average in security habits the chance of getting a password to something else is almost nil (and they were not stored in plaintext although I guess the attacker may have hoped they would be) . 

Was it an enemy of bitcoin ??

   

You'd be surprised at how many people will reuse emails and passwords. I'm sure many do the same with their blockchain.info accounts too. Regardless of that, the infodump of all this forum's users emails would be very valuable to advertisers or scammers/spammers but maybe whoever hacked it did it just because he could. Some people just like finding security holes though I'm sure the person will try get some money out of the info he has.
LFC_Bitcoin
Legendary
*
Offline Offline

Activity: 3542
Merit: 9687


#1 VIP Crypto Casino


View Profile
May 25, 2015, 10:40:58 PM
 #150

If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.

Gervais
Sr. Member
****
Offline Offline

Activity: 366
Merit: 250



View Profile
May 25, 2015, 10:50:37 PM
 #151

If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.


It wasn't the forum's fault but the hosting. The new forum is being made now but that wouldn't have stopped this either and it's being tested to make sure there are no holes or ways to exploit it. And people shouldn't keep their bank details or back ups of their wallets in their emails especially if they can't keep it secure.
LFC_Bitcoin
Legendary
*
Offline Offline

Activity: 3542
Merit: 9687


#1 VIP Crypto Casino


View Profile
May 25, 2015, 10:58:31 PM
 #152

If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.


It wasn't the forum's fault but the hosting. The new forum is being made now but that wouldn't have stopped this either and it's being tested to make sure there are no holes or ways to exploit it. And people shouldn't keep their bank details or back ups of their wallets in their emails especially if they can't keep it secure.

Hopefully nobody has been badly affected by all of this.
Hopefully the culprit was just somebody that thought it'd be funny to make the site get taken down, a troll or something.
Wouldn't be nice if it was somebody who wanted to try & do it for monetary reasons.

Gervais
Sr. Member
****
Offline Offline

Activity: 366
Merit: 250



View Profile
May 25, 2015, 11:13:27 PM
 #153

Well it looks like people have already been badly affected by their info being leaked and I'm sure it will become publicly available at some point. It looks like several accounts have already been hacked and over the next few days I'm sure we'll see people complaining about having other accounts hacked or bitcoin balances cleaned out and so on.
nomad13666
Legendary
*
Offline Offline

Activity: 854
Merit: 1000


View Profile
May 25, 2015, 11:30:56 PM
 #154

All good here. Changed password just in case. Don't use secret question.
Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
May 26, 2015, 05:11:41 AM
 #155

If it happens again I'm going to stop posting on here & find somewhere else.
It's ridiculous that with 1.5 million USD donated they can't stop attacks like this happening.
Imagine if people had wallet back ups in their emails, bank details etc.
I think it's disgraceful.

Actually no, you're the one being ridiculous. The money is being used to make a new forum, not actively prevent this one from being breached.
You don't even realize how lucky we are that theymos is the man behind the forum. Most of the time when these hacks happen it usually passes some time before detection.
You can blame anyone here. 1.5 million USD is nothing. If you take a look at the recent hacks, millions of people have been completely exposed.
Remember the Sony hack (a multi-million company)? or this:
http://www.usatoday.com/story/tech/2015/02/15/hackers-steal-billion-in-banking-breach/23464913/

Everyone was advised to use VPNs or at least PGP when sharing valuable information.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
AGD
Legendary
*
Offline Offline

Activity: 2069
Merit: 1164


Keeper of the Private Key


View Profile
May 26, 2015, 06:07:42 AM
 #156

It wasn't the forum's fault but the hosting.

Theymos claims it was the hosting. That's what you meant to say.
He openly states, in this very thread, that before any of the alleged social engineering took place,
"... The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything ..."

Not sure why everyone is acting like lax DC security is the issue,

The hoster denied being attacked with SE. It is still not clear how the attacker gained access and why.
 
Possible, that the goal was to extract only a few certain PMs. This attack could be part of another, bigger attack. This also looks so determined to me, that I exclude email spammers, Satoshi seekers and random script kiddies.

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
RFDZ
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
May 26, 2015, 06:31:50 AM
 #157

So when is the next compromise?  Grin

Just kidding. Need to know what happened though.
mishax1
Legendary
*
Offline Offline

Activity: 2898
Merit: 1017


View Profile
May 26, 2015, 08:30:29 AM
 #158

The NSA hacked the forum to link users' information (nicknames, emails, IP's, passwords) with illegal activity made elsewhere..  Roll Eyes
nor9865
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500


If you think you know me.. Think again


View Profile
May 26, 2015, 08:35:35 AM
 #159

have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data
Gervais
Sr. Member
****
Offline Offline

Activity: 366
Merit: 250



View Profile
May 26, 2015, 08:53:45 AM
 #160

The NSA hacked the forum to link users' information (nicknames, emails, IP's, passwords) with illegal activity made elsewhere..  Roll Eyes

Why would they need to hack the forum when the NSA likely has access to all this info already?

have a strong feeling they inserted a backdoor somewhere or a keylogger.

something that would keep them getting access to the forum and retrieve data

I'm sure theymos checked for this kind of stuff or would have noticed if this had happened. Probably why the forum was down for so long.