Influx of Hacked Accounts

[marcotheminer]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

[SaltySpitoon]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

[KWH]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

I can really see this happening. Get ready for the tsunami.

[Welsh]

I've already seen several suspicious accounts which I've noted down mentally.

[dogie]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

[Welsh]

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.

[Quickseller]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.

This.

It is always a good idea to take this precaution, however now it is even more important to verify this.

[XinXan]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.

Some people cant provide that. Lock all accounts untill their passwords are changed? Or maybe lock high rank accounts only until the password is changed, or only allow to unlock those accounts if proof of ownership is provided?

[erikalui]

I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

[jeannemadrigal2]

I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their known bitcoin address prove their identity.

[hedgy73]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used .

[erikalui]

I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their know bitcoin address prove their identity.

That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account is almost nil.

[notlist3d]

I would agree this could become an issue.  When dealing with someone for a while after this it might be worth looking if there is a big gap in posting dates.   

I don't know where this will lead.  So many different and a little scary options.  Will who ever use the accounts?   Sell information for money?   Send emails crafted to load malware to account specific emails? Go after IP address of miners looking for weakness?  I hope we see nothing out of it and just are more cautious.  But I have no idea what this will all lead to.

[Welsh]

There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through regardless of the suspicious the account could be hacked or not verifying they are who they say they are should always be done prior to the trade.

And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.

[celebreze32]

How long would it take for the hacker(s) to get a password from the password hash and salt they stole?

How many accounts could they hack in a given period of time?

There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.

[jeannemadrigal2]

I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their know bitcoin address prove their identity.

That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account is almost nil.

Theymos will not be recovering those accounts that cannot signed using their bitcoin address. Even so they can signed very few accounts will be restored as this is not theymos priority.

[hilariousandco]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used .

Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos.

[jeannemadrigal2]

How long would it take for the hacker(s) to get a password from the password hash and salt they stole?

How many accounts could they hack in a given period of time?

There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.

It would take them a few hours to hack all the users with weak passwords. And a few days for users with medium difficulty password. See on the table.


There would be no limit to them, because they already downloaded the database. They can test it on their pc offline.

[redsn0w]

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used .

Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos.

Exactly, it could be a possibility but we should stay always on alert.... why an old member should make a trade after his return here in the forum? This is the suspicious thing. Like someone told here in this thread, ask always a signed message from a bitcoin address and PGP key.

[Slark]

There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through regardless of the suspicious the account could be hacked or not verifying they are who they say they are should always be done prior to the trade.

And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.

That's the idea, you should always stay alert. Knowing that a lot of accounts could be compromised right now you should stay extra vigilant. If you notice that someone is trying to take out a loan or sell something without escrow or collateral just don't fell for it.