The server hack of May 2015 and it's effects on *YOUR* accounts

[legendster]

I am going to discuss here how this recent hack has affected me and what steps I have taken to avoid further ramifications from this incident.

So the first thing that I did right after I gained access here - like a few minutes ago, was check the secret question I set here but I found that it was empty.
I dont remember if I never actually set a security question, and if I did which one was it but all I know now is it is empty, weather it was cleared off after this recent attack or not I'll let you guys to speculate.

Ive already done the very basic things like changing password of this account and changing the password of any accounts associated with this email with this password combination, I also thought it would be a wise thing to do to change the secret question of the email id as well.

Has this hack affected me ? So far no, but I do think its best to take precaution.

So my question to you guys would be what practical steps would you take to avoid being hacked by the info supposedly leaked by this forum. How much sensitive information does your BCT account has in it that it can really affect you if at all ??

Also, since this attack, I have heard all this buzz about stowing the salt and pass hash in the same table on reddit, now, I am not going to pretend to understand the complexity of those discussions but what precautions and changes has (or will) the forum take(n) to prevent similar incidents from happening again ??

[1714882318]

1714882318

[Gervais]

Hopefully people can learn from this and take it as a kick up the ass to make sure people protect themselves as much as possible and not rely on others to keep your personal data 100% safe. I think its absolutely essential that people don't re-use passwords and I'd recommend using a different email here compared to all your other things. If the hackers have your email then its already vulnerable and exposed. If you used it to sign up to other bitcoin related sites like exchanges or web wallets than that could definitely be a problem. I'm sure problems will start arising soon from the leaked data but hopefully this can be kept to a minimum and if people change all their exposed info they should be good (but we know not everyone will).

[legendster]

Hopefully people can learn from this and take it as a kick up the ass to make sure people protect themselves as much as possible and not rely on others to keep your personal data 100% safe. I think its absolutely essential that people don't re-use passwords and I'd recommend using a different email here compared to all your other things. If the hackers have your email then its already vulnerable and exposed. If you used it to sign up to other bitcoin related sites like exchanges or web wallets than that could definitely be a problem. I'm sure problems will start arising soon from the leaked data but hopefully this can be kept to a minimum and if people change all their exposed info they should be good (but we know not everyone will).

Agreed, the real problem is that the issues arising from this incident wont be obvious in the recent days and by the time they do become obvious how would one link it to this forum ?
Who takes responsibility IF someone faces monetary losses because of THIS incident ?

[TECSHARE]

Who takes responsibility IF someone faces monetary losses because of THIS incident ?

No one, just like every other hack.

[Xialla]

Agreed, the real problem is that the issues arising from this incident wont be obvious in the recent days and by the time they do become obvious how would one link it to this forum ?
Who takes responsibility IF someone faces monetary losses because of THIS incident ?

uhh somebody pushed you to create acc here or insert mail address/password? firstly, it is your responsibility and decision, that you are here..

[legendster]

Agreed, the real problem is that the issues arising from this incident wont be obvious in the recent days and by the time they do become obvious how would one link it to this forum ?
Who takes responsibility IF someone faces monetary losses because of THIS incident ?

uhh somebody pushed you to create acc here or insert mail address/password? firstly, it is your responsibility and decision, that you are here..

Thats just a naive thing to say. Its equivalent to saying "If you were a bikini in a beach you will be raped."

[notlist3d]

With possibility of IP address's.  I suggest changing yours if your dynamic.  Also do not use default password on router.

I was a little paranoid an turned off telnet, outside access, etc on my router.   I don't have anything really that special on my network I just wanted to feel safe.

The question is still there on what is motive.  Was it Money, Power, ReP, etc?   I would also be careful with emails as they might try to target emails of accounts here with emails appearing to be from other services.

[Gervais]

Who takes responsibility IF someone faces monetary losses because of THIS incident ?

No one, just like every other hack.

The person responsible is the hacker and they should be held accountable, but the forum as well as any other site shouldn't be expected or relied upon to keep your info invincible or 100% safe because things like this can always happen. It's also the user's responsibility to make sure all their other accounts are safe and if your other accounts get hacked because of the leak then thats your fault for having poor security practices. The only thing you wouldn't be responsible for is your forum account getting potentially hacked but if you've changed your details then all should be fine.

[legendster]

With possibility of IP address's.  I suggest changing yours if your dynamic.  Also do not use default password on router.

I was a little paranoid an turned off telnet, outside access, etc on my router.   I don't have anything really that special on my network I just wanted to feel safe.

The question is still there on what is motive.  Was it Money, Power, ReP, etc?   I would also be careful with emails as they might try to target emails of accounts here with emails appearing to be from other services.

Its no secret that this forum is run on the business of fear (ahem! ahem!..xxx Trust score xxx..ahem!) so its probably the same power game but hey if they are spending thousands of dollars and hundreds of hours trying to come up with a way to hack EVERYONE on the forum there MUST be a monetary motivation.

[erikalui]

The only thing which is affecting me due to the hack is the spam emails I am receiving since May 25th. The number is not huge but since there are now many users who are receiving these spam emails, they also have started sending these spam emails.

I have learnt one thing that when I create a forum account now, I need to choose an email that I never use and a password that I have never used or will never use in my life. I am also deleting any PMs I find contain any sensitive information (if any). Fortunately, I am not that affected by this hack as I don't have any details which if leaked can cause any harm (except the fact that my IP address being leaked can cause any harm to me).

[redsn0w]

Who takes responsibility IF someone faces monetary losses because of THIS incident ?

No one, just like every other hack.

The person responsible is the hacker and they should be held accountable, but the forum as well as any other site shouldn't be expected or relied upon to keep your info invincible or 100% safe because things like this can always happen. It's also the user's responsibility to make sure all their other accounts are safe and if your other accounts get hacked because of the leak then thats your fault for having poor security practices. The only thing you wouldn't be responsible for is your forum account getting potentially hacked but if you've changed your details then all should be fine.

This is obvious, but it is also obvious that he will not repay the damage to the entire forum. It is not an user responsibility, if they used a weak password like "1234567890"... because the hacked gained the access to the DB (with a reset of the root's pwd ).

[--Encrypted--]

Wow.. looks like I missed a big hack again. when did this happened?
should I change my password as soon as possible or is it okay to leave it? (I hate having to memorize another password)

[Xialla]

Wow.. looks like I missed a big hack again. when did this happened?
should I change my password as soon as possible or is it okay to leave it? (I hate having to memorize another password)

change it asap.) related details here: https://bitcointalk.org/index.php?topic=1067985.0

[--Encrypted--]

Wow.. looks like I missed a big hack again. when did this happened?
should I change my password as soon as possible or is it okay to leave it? (I hate having to memorize another password)

change it asap.) related details here: https://bitcointalk.org/index.php?topic=1067985.0

my foot. looks like the hacker(s) stole almost every information there is to steal.

[Xialla]

Wow.. looks like I missed a big hack again. when did this happened?
should I change my password as soon as possible or is it okay to leave it? (I hate having to memorize another password)

change it asap.) related details here: https://bitcointalk.org/index.php?topic=1067985.0

my foot. looks like the hacker(s) stole almost every information there is to steal.

don't even remind here, that they had info like IP address or mail..

[favdesu]

change your password AND email address. that's probably all you can do for now

[Bitdonator]

I think that guy who hack Bitcointalk forum only want
our emails, so he can send spam.

I see more  and more BTC related spam in my email acc.

[LFC_Bitcoin]

First thing I did was change my password, I then changed the email.
If the email you used to register here is your main email account I suggest you change all your sensitive info to a new mail account & close the potentially compromised old email account down.
It's too dangerous for them to have access to an email account that has bank details or other such sensitive info in.
These are very clever, tech people, they are not to be trusted, it's not worth the risk.

[legendster]

I think that guy who hack Bitcointalk forum only want
our emails, so he can send spam.

I see more  and more BTC related spam in my email acc.

So you are saying that the thieves would rather send you spam mails than steal your millions of dollars ? haha

[spud21]

Wow.. looks like I missed a big hack again. when did this happened?
should I change my password as soon as possible or is it okay to leave it? (I hate having to memorize another password)

By all means change your password, but change it to something completely random including special characters. Anything you can remember is unlikely to be random and is easily cracked if an attacker has the additional salt information that was stolen during the last hack.

If your new password is not completely random and a similar hack happens in the future your password could be cracked and you could lose your account. Consider using password management software to generate and store a new password.