Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
May 25, 2015, 07:47:18 PM |
|
At least right now, people's senses are heightened and will be more alert to anything suspicious. I'm more worried for when nothing major has happened and people forget about security protocol and send their Bitcoin without seeking the verification that they would right now.
Which happens all the time, I've escrowed a few people. And they all seem to just want to get the trade done as quickly as possible, bar a few.
At least at this present moment in time, users have more than likely upgraded their passwords. There probably isn't too much to worry about for the majority. The hacker only had a few minutes, so was probably unlikely to get the whole dump. However, it should be treated as though he has obtained every bit of information.
|
|
|
|
tarsua
|
|
May 25, 2015, 08:38:46 PM |
|
I've already seen several suspicious accounts which I've noted down mentally.
The thing is, many old users left bitcointalk for a long time but they received an email saying they need to change their passwords, therefore an influx of old users will come back.
|
|
|
|
tarsua
|
|
May 25, 2015, 08:52:30 PM |
|
What needs to happen for security is any accounts that do not have their password reset manually within a week should have their passwords revoked and automatically reset where they can only be recovered with an email being sent with a recovery link to the address on file.
A lot of people use fake emails since no confirmation is needed when you sign up, and what if I lost the password to the email that I signed up with?
|
|
|
|
tarsua
|
|
May 25, 2015, 09:02:24 PM |
|
A lot of people use fake emails since no confirmation is needed when you sign up, and what if I lost the password to the email that I signed up with?
They have a week to manually reset and update their email address. It is very irresponsible to set up an account and lose track of your throwaway email credentials. Any other accounts will be lost unless it's a known member who can prove it's them to theymos directly. This would be a good opportunity to clear off many garbage shill accounts as well as they are more likely using fake email accounts. It's not the end of the world if a few old anonymous accounts get frozen either and is a much better alternative than a bunch of compromised accounts start scamming people. It's not a matter of having throwaway emails, it's a matter of not having made an email at all, just putting something where you should put your email address. The hacked accounts make it pretty clear that either the passwords weren't salted,
What hacked accounts?
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:12:40 PM |
|
What hacked accounts?
This. That. Probably more.
|
Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.
|
|
|
Mt.Gox Support
VIP
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
May 25, 2015, 09:15:25 PM |
|
Such slander. MtGox has the best security practices ever.
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
May 25, 2015, 09:16:47 PM |
|
It seems that the primary target (at least so far) of hacked accounts has been VIP accounts. At first I was going to argue that the MtGox account was not hacked (it still shows a MtGox email address and its password was reset via email), however it would be possible that he logged into the account, changed the email address, reset the password via email, then changed the email back. It is not surprising to see a MtGox account having a weak password.
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:17:25 PM |
|
Such slander. MtGox has the best security practices ever.
Care to at least share your story of how you came into control of this otherwise absolutely worthless account?
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
May 25, 2015, 09:17:36 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Well sadly you appear to be 100 percent right - https://bitcointalk.org/index.php?topic=1068150.msg11449580#msg11449580
It's sad but appears possibly it will turn into a trolling war.
|
|
|
|
alani123
Legendary
Offline
Activity: 2534
Merit: 1496
|
|
May 25, 2015, 09:18:24 PM |
|
I wonder why the hackers targeting those high ranked accounts are coming out as such obvious trolls. Perhaps they deemed them not worthy? I wonder if more accounts were hacked and are going to be sold in a stealthy way.
|
|
|
|
tarsua
|
|
May 25, 2015, 09:19:19 PM |
|
>Yeah I've seen some old accounts just started posting again today after years of not being used Sad.
How is this going to change above? The hacked accounts make it pretty clear that either the passwords weren't salted, or the hackers managed to do much more than grab a db of password hashes & emails. Theymos did say he was rooted :
You cannot assume Theymos is lying and the database wasn't salted. We don't know if the security question was encrypted and salted as well. Any old accounts compromised likely used easy passwords or easy security questions. Forcing a password reset where the recovery must happen through email will protect all those accounts unless the user was ignorant enough to use the same password for their email account as here. It's not a matter of having throwaway emails, it's a matter of not having made an email at all, just putting something where you should put your email address.
Most of those are probably shill accounts... what type of idiot doesn't spend 5 minutes to create an extra throwaway email for security or spam? Any person that doesn't do this and fails to reset in a week deserves to become a newbie again. I am sure there may be 1-2 anonymous heroes accounts who have to become newbies again. That is a small price to pay for good security. Well, it's either using a fake non-existent email or using a fake email which you won't remember the credentials for or arrange an hour a week to clear spam out of your email, the first is the obvious winner. For the first you are just paranoid that he doesn't have a username and that he hasn't posted in some time, if you look at his post history, a few years ago, most of his posts were in the German section, although he speaks English now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back.
|
|
|
|
Mt.Gox Support
VIP
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
May 25, 2015, 09:20:31 PM |
|
I wonder why the hackers targeting those high ranked accounts are coming out as such obvious trolls. Perhaps they deemed them not worthy? I wonder if more accounts were hacked and are going to be sold in a stealthy way.
The only people who sell accounts and scam here are kids. If you know some stuff about hacking you wouldn't stick around here for more than occasional trolling. Better targets out there than bitcoiners, and stealing from bitcoiners is a real douchebag move.
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:21:00 PM |
|
It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.
IDK. They just happen to be the ones I keep an extra eye on. Theymos mentioned that weak passwords would require dedicated brute force to be hacked. I guess that's what the attacker is doing. Obviously going for the most valuable accounts first.
|
|
|
|
Mt.Gox Support
VIP
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
May 25, 2015, 09:27:05 PM |
|
|
|
|
|
Mt.Gox Support
VIP
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
May 25, 2015, 09:28:20 PM |
|
It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.
IDK. They just happen to be the ones I keep an extra eye on. Theymos mentioned that weak passwords would require dedicated brute force to be hacked. I guess that's what the attacker is doing. Obviously going for the most valuable accounts first. The attacker is sleeping right now. He has no idea the shitstorm he is going to wake up to.
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:30:24 PM |
|
For the first you are just paranoid that he doesn't have a username and that he hasn't posted in some time, if you look at his post history, a few years ago, most of his posts were in the German section, although he speaks English now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back. About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong.
|
|
|
|
Mt.Gox Support
VIP
Sr. Member
Offline
Activity: 308
Merit: 250
|
|
May 25, 2015, 09:32:15 PM |
|
For the first you are just paranoid that he doesn't have a username and that he hasn't posted in some time, if you look at his post history, a few years ago, most of his posts were in the German section, although he speaks English now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back. About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong. You are next. Enjoy.
|
|
|
|
tarsua
|
|
May 25, 2015, 09:35:45 PM |
|
For the first you are just paranoid that he doesn't have a username and that he hasn't posted in some time, if you look at his post history, a few years ago, most of his posts were in the German section, although he speaks English now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back. About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong. I reviewed a few of his posts, I wouldn't say his English is "very fluent" and why did you give him negative trust without being sure he is a hacker?
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:39:40 PM |
|
You are next. enjoy.
I'll be back.
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3413
Shitcoin Minimalist
|
|
May 25, 2015, 09:42:20 PM |
|
I reviewed a few of his posts, I wouldn't say his English is "very fluent" and why did you give him negative trust without being sure he is a hacker?
He would have received negative trust for his scams in the past, anyway. And when it comes to the trust system, I'm always in favor of shooting first and asking questions later. Negative trust can be easily revoked, but a successful scammer will not return the money.
|
|
|
|
|