Did localbitcoins just get hacked?

[bitbite111]

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

[gentlemand]

Regardless of whether it's true or not, and I think we'd be hearing rather more about it if it was true, I'm sure you don't need to be spanked regarding the same password everywhere. There's enough solutions to ease the breaking of that habit.

[cpfreeplz]

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

He's been doing this for days it seems. He's full of crap. Don't worry about rando's claiming they 'h@xx3d u a11'. He's just a troll. His post will be deleted and he'll make another new account. Just sit back and laugh.

He claimed to have hacked 500,000 bitcointalk accounts too. It's all a FUD campaign or some other terrible agenda.

Edit: stop using the same password on every page. Does that really need to be said in this day and age?!

[7788bitcoin]

He is just trying his luck.

If I were the hacker, I will quietly use the passwords to withdraw coins into my own address. Why do I need to sell them just for 0.1BTC??

[tobacco123]

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

How did you get to know this? I tried satoshibox.com but there is no way to get to all the listings...

[Yakamoto]

He is just trying his luck.

If I were the hacker, I will quietly use the passwords to withdraw coins into my own address. Why do I need to sell them just for 0.1BTC??

I'm 50% sure that the guy doesn't have all the accounts he says he does, chances are a majority of them are brute forced and have very little in them. Unless he releases some account names and passwords, it seems like he's trying to sell a lot of useless accounts for $45.

[NLNico]

...using multiple methods of Cross Service and Injections I've managed to gain access to their server.

As (hobby but fairly experienced) security researcher that made me laugh.

Obvious fake scam is obvious.

[pooya87]

just change your password and set a very strong one instead. and if they have some kind of two factor authentication try to enable it also. then you can be sure you are safe.

also it is important to not click on every link you see claiming these type of outrageous claims.

[Yakamoto]

...using multiple methods of Cross Service and Injections I've managed to gain access to their server.

As (hobby but fairly experienced) security researcher that made me laugh.

Obvious fake scam is obvious.

>Responsibly disclosed forum security flaws

Seems believable.

To be honest, it also sounded like a bunch of buzzwords to me as well, but I'm glad to see someone who's educated in this can confirm my suspicions.

[MingLee]

just change your password and set a very strong one instead. and if they have some kind of two factor authentication try to enable it also. then you can be sure you are safe.

also it is important to not click on every link you see claiming these type of outrageous claims.

Hackers steals accounts through injections and other buzzwords! Security analysts HATE him!

It definitely seems like the only thing to generate business online is to use buzzwords these days, so chances are he's talking primarily out of his ass. He doesn't have anything of value.

[mkc]

Gee is this true? All localbitcoin user name and passwords for 0.1 btc.
Theoretically, web site should not save user password, they should store a hash of password. When user input password, a hash is generated and compared against saved version. How can hacker reverse calculating all passwords?

[bitbite111]

I downloaded it just to see, and can confirm that at least some of the passwords work. PM me for a copy.

[Raimonn]

On its twitter, they answered to user @Themerklenews that this information about its database hacked is false.
Here you have the link: https://twitter.com/LocalBitcoins/status/724323437347504128

[mobnepal]

On its twitter, they answered to user @Themerklenews that this information about its database hacked is false.
Here you have the link: https://twitter.com/LocalBitcoins/status/724323437347504128

thanks for the link, it seems it is just a rumor but i also suggest everyone not to use same password in all sites and i doubt how they managed to get those passwords? even if they hacked or done sql injection inside database password in database must be hashed one as normally all of the sites do.

So i also think this leak as fud to collect some bitcoin.

[alyssa85]

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

You should definitely not use the same passwords for every site. Even if localbitcoins hasn't been hacked, chances are high that other exchanges you use will get hacked in the coming year. This kind of stuff is constantly happening in bitcoin world, and you should protect yourself.

[bitbaby]

Even if this was real, which I am certain it is not, the hacker can't get the 2fa code which is required to enter your account/wallet at LBC. Also, LBC has a security measure that as soon as an account is accessed from a different location from where it was accessed earlier, they lock the account and ask the user to go through a security check, which requires them to provide proofs that they're the original owner of the account.

I downloaded it just to see, and can confirm that at least some of the passwords work. PM me for a copy.

Don't encourage the scam by vouching for it. 

[letyouearn2]

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

Why are you inviting hackers by announcing the thing that you are using the same password for every site. That's the main mistake you are doing. Don't mind, but i am just informing you about this.

[BitcoinSupremo]

This is at least the 10th time I am saying it, you can always use the same password but you should do this before:

When you register somewhere, to an exchange site or any other related bitcoin site keep in mind 2 things
1. Make sure you have gmail with 2FA with SMS enabled first
2. Make sure you have a clean pc when you are registering in these sites
3. Add alwasy 2FA with Google Authenticator when these websites offer it.
4. Keep the one time passkey Google Authenticator gives you when registering in order to manually disable if you unfortunately lose your phone, in a safe place.
5. Optional, I suggest using a safe OS like Linux when trying the above 4 points.

If you do these (I personally using same password almost everywhere) but I strictly follow those 5 rules above, nothing have happened to me.

Last advice. Never leave your bitcoins in any exchange.

[coinstatic]

I highly doubt it.

I can bet you any bitcoins he wants people to panic so they start messaging him and he will offer them an alternative by obviously taking YOUR bitcoins and running off

I've never had a problem with localbitcoins and I don't think I will right now

[ravens]

Nah you aren't in danger, the person is probably lying. There's no way the person wouldn't withdraw the BTC in the "hacked' wallets instead of selling the passwords. Also, don't use the same password for every site you go on.