Bitcoin Forum
July 20, 2019, 12:15:21 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [PSA] Please *never* reuse passwords  (Read 352 times)
RHavar
Legendary
*
Offline Offline

Activity: 1736
Merit: 1360



View Profile
December 20, 2015, 05:57:45 PM
 #1

I know everyone already knows this, but please do not reuse passwords across sites. If you do, please change them now. Also make sure you use strong, unguessable (and unique!) passwords on every site your visit.

I've noticed the last couple of days, a rash of login attempts (and unfortunately logins) across bustabit and moneypot, by what appears to be set of harvested bitcoin gambling  username/password lists. All users have in common that they reuse their small and weak passwords. I'm emailing all the involved users, trying to get an idea of where they reuse their passwords to narrow down the source, which could be:

* A site that's vulnerable to brute-force login attempts (so they're attacked there, and re-used)
* A site that's had its data leaked (containing plaintext or hashed passwords)
* A malicious admin, who is using their users username/passwords on other sites

Also, 2FA has already saved one user 1 BTC, so that's something worth using too. But a secure, unique password on all sites (especially your email) is paramount.



1563581721
Hero Member
*
Offline Offline

Posts: 1563581721

View Profile Personal Message (Offline)

Ignore
1563581721
Reply with quote  #2

1563581721
Report to moderator
1563581721
Hero Member
*
Offline Offline

Posts: 1563581721

View Profile Personal Message (Offline)

Ignore
1563581721
Reply with quote  #2

1563581721
Report to moderator
1563581721
Hero Member
*
Offline Offline

Posts: 1563581721

View Profile Personal Message (Offline)

Ignore
1563581721
Reply with quote  #2

1563581721
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
RHavar
Legendary
*
Offline Offline

Activity: 1736
Merit: 1360



View Profile
December 21, 2015, 05:30:23 AM
 #2

So far everyone who's account was accessed, has used the same details at cloudbet. I have no idea if this is a coincidence (after all cloudbet is very popular), or cloudbet's db has been leaked (or vulnerable to brute-forcing). As a precaution please make sure you're not reusing a password (especially from here). If you are, change all other accounts passwords immediately =)
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 1288
Merit: 1234


Can I merit you with some Flags? 🚩


View Profile
December 21, 2015, 06:15:07 AM
 #3

This doesn't belong in the gambling section.You could post this in meta or Beginners or help .

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
btc-raffle.com
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
December 21, 2015, 06:25:21 AM
 #4

So basically people who were on bustabit got there funds stolen. Sounds like a rogue admin to me.
kenw2
Sr. Member
****
Offline Offline

Activity: 344
Merit: 250


Feed me btc ^


View Profile
December 21, 2015, 06:28:09 AM
 #5

So far everyone who's account was accessed, has used the same details at cloudbet. I have no idea if this is a coincidence (after all cloudbet is very popular), or cloudbet's db has been leaked (or vulnerable to brute-forcing). As a precaution please make sure you're not reusing a password (especially from here). If you are, change all other accounts passwords immediately =)
Could be that huge cloudminr.io database leak from ages ago. It was all over pastebin so I wouldn't be surprised if people are still digging through it.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!