Please delete

[nethead]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

I guess but this is not the case. He admited that he has access to the given info, dont know if he can manage too

[greyhawk]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

[HostFat]

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

[MemoryDealers]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

[John (John K.)]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

That would be a key to retrieve wallet identifiers or disable the 2FA:

Secret Phrase
A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.

The password used to encrypt the wallet containing the privkeys is not sent to the server.

[MemoryDealers]

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

It is all encrypted,  but it depends on  your privacy settings.

Quoted from: https://blockchain.info/wallet/anonymity

Alerts Disabled: If you have notifications disabled your public keys are stored encrypted inside your wallet. In this mode we are unable to view your public keys and hence cannot view your balance or transactions.


Alerts Enabled: When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key).

In this case the scammer with my bitcoins had Alerts enabled for his wallet,  so I could easily verify %100 for sure that he has my money in his Blockchain wallet.

If he had his alerts set to Disabled,  I wouldn't know if he really had my money or not.

[ribuck]

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

So obviously it needs to be securely hashed, or else anyone who compromises the database (or has authorised access to it) can impersonate the actual account owner.

[nethead]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

And reset their passwords? maybe?

Ill try to stay ontopic: Just a reminder I do not owe you anything. I got what i have sent you, then the address was gotten by someone else. It WAS anon. And i re-request proof which you dont give that it isnt


Also, why some people try to get into my account? I got my funds away as soon as he showed me that he has access to that info, MY info!

[Raoul Duke]

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608

[MemoryDealers]

And reset their passwords? maybe?

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

[Deprived]

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner or a part-owner of the site or anyone else allowed to just look these up..

FYP

[Bitcoinin]

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608

Blockchain.info has some of the best services for newbies - can we please not scare them off and do as much damage control here as possible?

[CharlieContent]

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

[HostFat]

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

Saving the hash of the password seems a good start.

[augustocroppo]

The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

What are the transactions ID of the BTC supposedly sent to Nikolaos?

The current privacy policy states:

But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I think this falls pretty clearly within that.

That is not what the privacy policy implies. Your policy suggest that you will only disclose personal information only when legally required by a government agency. Moreover, the user did not misused the Internet page.

http://memorydealers.com/terms-and-privacy/

We will not disclose or sell your personal contact information to any third parties without your permission. But we will disclose these information when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our website and applicable laws or to protect against misuse or unauthorized use of our website.

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?

[MemoryDealers]

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

Please look up the difference between "could" and "would"

I would never do such a thing even if I could.

[nethead]

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
[/quote]

Guess, blockchain secret key

[piuk]

Roger has pointed me to this thread.

Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled.

These queries are designed to help users recover a forgotten wallet identifier and is not supposed to be used for any other purpose.



If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed.

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.

[MemoryDealers]

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

This is not possible.

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.

[BadBear]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200