Bitcoin Forum
December 16, 2019, 06:02:41 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Re: A mail from noreply@bitcointalk.org  (Read 799 times)
joyjeet
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile WWW
May 26, 2015, 07:02:42 AM
 #1

AT Mon, May 25, 2015 at 8:42 PM I have received a mail from [Suspicious link removed]. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

I am a bit confused because the links would take me to http://www.google.com/url?q=http%3A%2F%2Fbitcointalk.org&sa=D&sntz=1&usg=AFQjCNHPB6utuCv1w0kwFLQvdDAmz60Lpg

where in bitcointalk has a link as https

Can someone please confirm whether this is genuine or not because if this is genuine then I should change my password else this is some kind of trick

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
favdesu
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000



View Profile WWW
May 26, 2015, 07:12:43 AM
 #2

hey, check https://bitcointalk.org/index.php?topic=1070136.0

it's an invalid pgp signature, probably fake.

joyjeet
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile WWW
May 26, 2015, 07:19:59 AM
 #3

Yes, Even I doubted that, but then I searched google and there are links to bitcointalk forum where people are saying that bitcointalk forum was again hacked

However on a safer side I just changed my details by coming directly to the page and have avoided clicking the link which came in the email

dominicg
Full Member
***
Offline Offline

Activity: 166
Merit: 100



View Profile
May 26, 2015, 07:21:39 AM
 #4

Yes, Even I doubted that, but then I searched google and there are links to bitcointalk forum where people are saying that bitcointalk forum was again hacked

However on a safer side I just changed my details by coming directly to the page and have avoided clicking the link which came in the email

You did the right thing. Most users here recieved that kind of email. Safer way is just visit the site directly and avoid clicling links in the email

jacktheking
Legendary
*
Offline Offline

Activity: 1428
Merit: 1001


Personal Text Space Not For Sale


View Profile
May 26, 2015, 07:24:37 AM
 #5

Just changed my password and security question. I also received the email few days back. I'm using my phone so I did not click on the link. When I'm back using computer today.. I just went to Bitcointalk.org as normal. Why would I log into my email and click the link? After reading this thread I feel safer as I did not click on any suspicious link.

Hey! Thank you for visiting/stalking my profile! I appreciate it. ^.^.
romano1
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


have fun


View Profile
May 26, 2015, 07:48:49 AM
 #6

I never reply to any such messages Smiley , and i hope people are smart enough to avoid these Smiley
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
May 26, 2015, 08:00:41 AM
 #7

Just changed my password and security question. I also received the email few days back. I'm using my phone so I did not click on the link. When I'm back using computer today.. I just went to Bitcointalk.org as normal. Why would I log into my email and click the link? After reading this thread I feel safer as I did not click on any suspicious link.

Honestly I would not use the security question.  I would have a email that is secure possible 2fa access that account info is sent to.  It would be harder to steal account this way.

Also highly suggest staking a BTC account in Meta in case you ever do lose account.   Everyone after this really should stake a address if they have not.
joyjeet
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile WWW
May 26, 2015, 08:06:50 AM
 #8

I think bitcointalk admin should take some steps and post a news also with announcements of the same so that when people search google they get appropriate new, because when I searched for the same I get links where people are talking that the forum is compromised.

BTW- we all members are more smarter than those creepy hackers  Tongue - we will never click the links sent over email rather would come to the forum directly

notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
May 26, 2015, 08:41:35 AM
 #9

I think bitcointalk admin should take some steps and post a news also with announcements of the same so that when people search google they get appropriate new, because when I searched for the same I get links where people are talking that the forum is compromised.

BTW- we all members are more smarter than those creepy hackers  Tongue - we will never click the links sent over email rather would come to the forum directly

As far as forum's nothing compares to here.  There just is not anything.

If in future you need it check out: http://www.reddit.com/r/Bitcoin/   .  I watched that during the weekend and was able to get a little info by reading, to tide me over till I got the email everyone got.  But hopefully you will never need this again because of security reasons.  But reddit bitcoin has a decent amount of people.
randy8777
Legendary
*
Offline Offline

Activity: 896
Merit: 1000


View Profile
May 26, 2015, 08:43:37 AM
 #10

I think bitcointalk admin should take some steps and post a news also with announcements of the same so that when people search google they get appropriate new, because when I searched for the same I get links where people are talking that the forum is compromised.

BTW- we all members are more smarter than those creepy hackers  Tongue - we will never click the links sent over email rather would come to the forum directly

as long as people refuse to use common sense and not click on links, hackers will continue to have success. newbies don't know how to secure wallets properly, so if they indeed click on a bad link they are burned.
joyjeet
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile WWW
May 26, 2015, 08:56:14 AM
 #11

Ok guys just found this on Coin Desk
Published on May 22, 2015 at 07:21 BST

I think you all should read it

Here is the link http://www.coindesk.com/bitcointalk-server-compromised/

notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
May 26, 2015, 09:00:46 AM
 #12

Ok guys just found this on Coin Desk
Published on May 22, 2015 at 07:21 BST

I think you all should read it

Here is the link http://www.coindesk.com/bitcointalk-server-compromised/

I suggest going over to Meta - https://bitcointalk.org/index.php?topic=1067985.0

It has a longer and more current timeline.  It goes more in depth, but I don't think we know yet for sure full extent.  Time will tell this.
w.a.y.n.e
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
May 26, 2015, 09:03:14 AM
 #13

I too just got one of these messages, and like others have said in this and the other thread, no link in the email to click, i just came here directly from the shortcut i have saved with my login details, and updated my password, i didn't set a security question so knew i didn''t need to do anything with that.

Seems a bit stupid if you send out a phishing email, with no phishing link in it  Roll Eyes  Huh
Gervais
Sr. Member
****
Offline Offline

Activity: 366
Merit: 250



View Profile
May 26, 2015, 11:23:39 AM
 #14

Seems a bit stupid if you send out a phishing email, with no phishing link in it  Roll Eyes  Huh

That's because it's not a phishing email.
nintendo1889
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
May 26, 2015, 11:27:10 AM
 #15

Seems a bit stupid if you send out a phishing email, with no phishing link in it  Roll Eyes  Huh

That's because it's not a phishing email.

Could someone please confirm that the forum hasn't been hacked and that someone isn't capturing our new passwords. I don't use this password anywhere else, but I still would like to know.

And where is the valid bitcointalk.org pgp signature?
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
May 26, 2015, 11:59:35 AM
 #16

Seems a bit stupid if you send out a phishing email, with no phishing link in it  Roll Eyes  Huh

That's because it's not a phishing email.

Could someone please confirm that the forum hasn't been hacked and that someone isn't capturing our new passwords. I don't use this password anywhere else, but I still would like to know.

And where is the valid bitcointalk.org pgp signature?


Go to meta and ask as far as new passwords.  It should not be happening.  It all should be past information whoever got.

But a guarantee I don't think there there is one.
Neg
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
May 26, 2015, 12:13:32 PM
 #17

Seems a bit stupid if you send out a phishing email, with no phishing link in it  Roll Eyes  Huh

That's because it's not a phishing email.

Could someone please confirm that the forum hasn't been hacked and that someone isn't capturing our new passwords. I don't use this password anywhere else, but I still would like to know.

And where is the valid bitcointalk.org pgp signature?

The forum database was hacked, but it's back in safe hands now apparently. Email addresses and password hashes were apparently leaked but not the actual passwords (though they could be cracked). I'd still advise caution but I think theymos will have everything sorted. If you don;t use your password or details elsewhere I'm sure you'll be ok.
Brewins
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000



View Profile
May 26, 2015, 01:11:43 PM
 #18

I received such email even from an email account that is not linked to any bitcointalk account Huh


(haven't verified the signature, though)


something strange is happening/about to happens
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!