|
TheMage (OP)
|
 |
May 26, 2015, 06:25:26 AM |
|
I got this in an email address not associated with Bitcointalk. Not sure what this means (getting an email from here on an email address not associated with these forums). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You are receiving this message because your email address is associated
with an account on bitcointalk.org
. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org
server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org
as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE----- |
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
sebastian
|
|
May 26, 2015, 06:53:35 AM |
|
I got it too.
Contains some invalid PGP sig... And is sent from a server that apparently does not have any Connection with bitcointalk (?)
|
|
|
|
|
Inkie_Squid
Newbie
 Offline
Activity: 1
Merit: 0
|
|
May 26, 2015, 06:57:50 AM |
|
I got the same one. Doesn't worry me too much who sent it, since there's no links and it's a plain text message - it's also the first time I've been here in 2 years and found that I needed to change the password. Also I tried to delete the account but it's not possible without finding a mod  |
|
|
|
|
Bit_Happy
Legendary
Offline
Activity: 2100
Merit: 1040
A Great Time to Start Something!
|
|
May 26, 2015, 07:00:43 AM |
|
I got the same one. Doesn't worry me too much who sent it, since there's no links....
That makes no sense, did they (perhaps) forget to insert the phishing links? |
|
|
|
|
sebastian
|
|
May 26, 2015, 07:11:02 AM |
|
Could be suspicious.
It comes from:
198.251.81.170
which have a reverse of:
node-198-251-81-170.reverse.x4b.me
However, noticed that bitcointalk.org does resove to 198.251.81.170 too.
This could mean that the attacker still have Control of the server (?)
Perhaps he installed a backdoor... And he want everyone to change passwords, so they Think they're safe now, but he simply capture the new passwords.
|
|
|
|
|
|
joyjeet
|
|
May 26, 2015, 07:21:34 AM |
|
Even I have received the same kind of mail today, the suspicious part was the link embedded in the email which would take you to http bitcointalk.org site wherein our forum is ssl secured and hence has a https Just posted the details here https://bitcointalk.org/index.php?topic=1070165.new#new |
|
|
|
hedgy73
Legendary
Offline
Activity: 1414
Merit: 1077
|
|
May 26, 2015, 09:08:14 AM |
|
I had the same email on Sunday to the email address associated with this forum it says from noreply@bitcointalk.org so assumed it was a service message sent from the forum to inform everyone about recent issues. Also there were are no links to click so would presume it's safe. |
|
|
|
|
|
Gervais
|
|
May 26, 2015, 09:19:32 AM |
|
I got the same one. Doesn't worry me too much who sent it, since there's no links....
That makes no sense, did they (perhaps) forget to insert the phishing links? Hes probably just talking about the genuine email theymos sent out about the hack. |
|
|
|
|
|
TheMage (OP)
|
|
May 27, 2015, 12:20:58 AM |
|
I got the same one. Doesn't worry me too much who sent it, since there's no links....
That makes no sense, did they (perhaps) forget to insert the phishing links? Hes probably just talking about the genuine email theymos sent out about the hack. I am not, please re-read the first sentence I got this in an email address not associated with Bitcointalk. |
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
May 27, 2015, 12:32:11 AM |
|
I got the same one. Doesn't worry me too much who sent it, since there's no links....
That makes no sense, did they (perhaps) forget to insert the phishing links? Hes probably just talking about the genuine email theymos sent out about the hack. I am not, please re-read the first sentence I got this in an email address not associated with Bitcointalk. did you try using search. think you can search users by email address **never mind its been disabled. google it xd google knows all |
|
|
|
|
achow101_alt
|
|
May 27, 2015, 12:35:14 AM |
|
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key. This is the original message that is verified: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE----- |
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
May 27, 2015, 12:40:10 AM |
|
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key. This is the original message that is verified: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE----- hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset |
|
|
|
|
Athertle
|
|
May 27, 2015, 01:14:40 AM |
|
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key. This is the original message that is verified: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE----- hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset Are you sure? I would think that the old email address would be discarded to make room in the databases. |
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
May 27, 2015, 01:25:22 AM |
|
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key. This is the original message that is verified: -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings
You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".
If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.
I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE----- hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset Are you sure? I would think that the old email address would be discarded to make room in the databases. pretty sure and it wouldnt take much room in the database (dont think there encrypted) so its just raw text. and i think there kept for account hacking cases. if your accounts been hacked and the hacker changes the email address theymos can then confirm who you are and send the rest stuff to your old email address... i cant say 100% but its the only reason that makes sense |
|
|
|
|
TheMage (OP)
|
|
May 27, 2015, 02:41:41 AM |
|
The email address I received this at has never been associated with Bitcointalk. (Don't know how many times I can repeat this so people stop making assumptions on what im stating. I'm an Admin on Litecointalk so ive been around the block once or twice).
It's very awkward and would like to have an admin address this if possible.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5180
Merit: 12884
|
|
May 27, 2015, 02:47:12 AM |
|
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
TheMage (OP)
|
|
May 27, 2015, 02:57:20 AM |
|
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.
Very interesting information...... Thank you Theymos |
|
|
|
|
tidus1097
|
|
May 27, 2015, 02:59:19 AM |
|
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.
Very interesting information...... Thank you Theymos You could be the new owner of Bitcointalk.org  Or at least a "ghost" account  |
|
|
|
|
|
