marcotheminer (OP)
Legendary
Offline
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
|
|
May 25, 2015, 06:06:03 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
|
|
|
|
SaltySpitoon
Legendary
Offline
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
|
|
May 25, 2015, 06:08:22 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.
|
|
|
|
KWH
Legendary
Offline
Activity: 1918
Merit: 1052
In Collateral I Trust.
|
|
May 25, 2015, 06:09:59 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability. I can really see this happening. Get ready for the tsunami.
|
When the subject of buying BTC with Paypal comes up, I often remember this:
Insanity: doing the same thing over and over again and expecting different results.
Albert Einstein
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
May 25, 2015, 06:10:39 PM |
|
I've already seen several suspicious accounts which I've noted down mentally.
|
|
|
|
dogie
Legendary
Offline
Activity: 1666
Merit: 1185
dogiecoin.com
|
|
May 25, 2015, 06:30:04 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability. The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
May 25, 2015, 06:32:28 PM |
|
The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.
The normal. Signed message via Bitcoin address or PGP.
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
May 25, 2015, 06:33:34 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability. The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets. The normal. Signed message via Bitcoin address or PGP. This. It is always a good idea to take this precaution, however now it is even more important to verify this.
|
|
|
|
XinXan
|
|
May 25, 2015, 06:34:23 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability. The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets. The normal. Signed message via Bitcoin address or PGP. Some people cant provide that. Lock all accounts untill their passwords are changed? Or maybe lock high rank accounts only until the password is changed, or only allow to unlock those accounts if proof of ownership is provided?
|
|
|
|
erikalui
Legendary
Offline
Activity: 2632
Merit: 1094
|
|
May 25, 2015, 06:42:48 PM |
|
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.
|
|
|
|
jeannemadrigal2
|
|
May 25, 2015, 06:49:29 PM Last edit: May 25, 2015, 07:30:33 PM by jeannemadrigal2 |
|
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.
It is not that hard, the users can still sign using their known bitcoin address prove their identity.
|
|
|
|
hedgy73
Legendary
Offline
Activity: 1414
Merit: 1077
|
|
May 25, 2015, 06:51:57 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Yeah I've seen some old accounts just started posting again today after years of not being used .
|
|
|
|
erikalui
Legendary
Offline
Activity: 2632
Merit: 1094
|
|
May 25, 2015, 07:04:46 PM |
|
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.
It is not that hard, the users can still sign using their know bitcoin address prove their identity. That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account is almost nil.
|
|
|
|
notlist3d
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
May 25, 2015, 07:13:23 PM |
|
I would agree this could become an issue. When dealing with someone for a while after this it might be worth looking if there is a big gap in posting dates.
I don't know where this will lead. So many different and a little scary options. Will who ever use the accounts? Sell information for money? Send emails crafted to load malware to account specific emails? Go after IP address of miners looking for weakness? I hope we see nothing out of it and just are more cautious. But I have no idea what this will all lead to.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
|
|
May 25, 2015, 07:27:24 PM |
|
There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through regardless of the suspicious the account could be hacked or not verifying they are who they say they are should always be done prior to the trade.
And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.
|
|
|
|
celebreze32
|
|
May 25, 2015, 07:34:07 PM |
|
How long would it take for the hacker(s) to get a password from the password hash and salt they stole?
How many accounts could they hack in a given period of time?
There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.
|
|
|
|
jeannemadrigal2
|
|
May 25, 2015, 07:35:31 PM |
|
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.
It is not that hard, the users can still sign using their know bitcoin address prove their identity. That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account is almost nil. Theymos will not be recovering those accounts that cannot signed using their bitcoin address. Even so they can signed very few accounts will be restored as this is not theymos priority.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Online
Activity: 3962
Merit: 2696
Join the world-leading crypto sportsbook NOW!
|
|
May 25, 2015, 07:36:28 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Yeah I've seen some old accounts just started posting again today after years of not being used . Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos.
|
|
|
|
jeannemadrigal2
|
|
May 25, 2015, 07:40:30 PM |
|
How long would it take for the hacker(s) to get a password from the password hash and salt they stole?
How many accounts could they hack in a given period of time?
There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.
It would take them a few hours to hack all the users with weak passwords. And a few days for users with medium difficulty password. See on the table. There would be no limit to them, because they already downloaded the database. They can test it on their pc offline.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 25, 2015, 07:43:21 PM |
|
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!
Yeah I've seen some old accounts just started posting again today after years of not being used . Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos. Exactly, it could be a possibility but we should stay always on alert.... why an old member should make a trade after his return here in the forum? This is the suspicious thing. Like someone told here in this thread, ask always a signed message from a bitcoin address and PGP key.
|
|
|
|
Slark
Legendary
Offline
Activity: 1862
Merit: 1004
|
|
May 25, 2015, 07:44:07 PM |
|
There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through regardless of the suspicious the account could be hacked or not verifying they are who they say they are should always be done prior to the trade.
And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.
That's the idea, you should always stay alert. Knowing that a lot of accounts could be compromised right now you should stay extra vigilant. If you notice that someone is trying to take out a loan or sell something without escrow or collateral just don't fell for it.
|
|
|
|
|