Bitcoin Forum
November 07, 2024, 08:11:22 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1] 2 »  All
  Print  
Author Topic: Did localbitcoins just get hacked?  (Read 1320 times)
bitbite111 (OP)
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
April 25, 2016, 01:27:26 AM
 #1

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.
gentlemand
Legendary
*
Offline Offline

Activity: 2590
Merit: 3015


Welt Am Draht


View Profile
April 25, 2016, 01:31:20 AM
 #2

Regardless of whether it's true or not, and I think we'd be hearing rather more about it if it was true, I'm sure you don't need to be spanked regarding the same password everywhere. There's enough solutions to ease the breaking of that habit.
cpfreeplz
Legendary
*
Offline Offline

Activity: 966
Merit: 1042


View Profile
April 25, 2016, 01:36:45 AM
 #3

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

He's been doing this for days it seems. He's full of crap. Don't worry about rando's claiming they 'h@xx3d u a11'. He's just a troll. His post will be deleted and he'll make another new account. Just sit back and laugh.

He claimed to have hacked 500,000 bitcointalk accounts too. It's all a FUD campaign or some other terrible agenda.

Edit: stop using the same password on every page. Does that really need to be said in this day and age?!
7788bitcoin
Legendary
*
Offline Offline

Activity: 2282
Merit: 1023


View Profile
April 25, 2016, 03:34:22 AM
 #4

He is just trying his luck.

If I were the hacker, I will quietly use the passwords to withdraw coins into my own address. Why do I need to sell them just for 0.1BTC??
tobacco123
Sr. Member
****
Offline Offline

Activity: 552
Merit: 250


View Profile
April 25, 2016, 03:45:40 AM
 #5

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

How did you get to know this? I tried satoshibox.com but there is no way to get to all the listings...

Yakamoto
Legendary
*
Offline Offline

Activity: 1218
Merit: 1007


View Profile
April 25, 2016, 03:46:18 AM
 #6

He is just trying his luck.

If I were the hacker, I will quietly use the passwords to withdraw coins into my own address. Why do I need to sell them just for 0.1BTC??
I'm 50% sure that the guy doesn't have all the accounts he says he does, chances are a majority of them are brute forced and have very little in them. Unless he releases some account names and passwords, it seems like he's trying to sell a lot of useless accounts for $45.
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
April 25, 2016, 03:52:54 AM
 #7

Quote
...using multiple methods of Cross Service and Injections I've managed to gain access to their server.
As (hobby but fairly experienced) security researcher that made me laugh.

Obvious fake scam is obvious.

pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 11010


Crypto Swap Exchange


View Profile
April 25, 2016, 04:06:09 AM
 #8

just change your password and set a very strong one instead. and if they have some kind of two factor authentication try to enable it also. then you can be sure you are safe.

also it is important to not click on every link you see claiming these type of outrageous claims.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Yakamoto
Legendary
*
Offline Offline

Activity: 1218
Merit: 1007


View Profile
April 25, 2016, 04:06:28 AM
 #9

Quote
...using multiple methods of Cross Service and Injections I've managed to gain access to their server.
As (hobby but fairly experienced) security researcher that made me laugh.

Obvious fake scam is obvious.
>Responsibly disclosed forum security flaws

Seems believable.

To be honest, it also sounded like a bunch of buzzwords to me as well, but I'm glad to see someone who's educated in this can confirm my suspicions.
MingLee
Hero Member
*****
Offline Offline

Activity: 490
Merit: 520


View Profile
April 25, 2016, 04:14:15 AM
 #10

just change your password and set a very strong one instead. and if they have some kind of two factor authentication try to enable it also. then you can be sure you are safe.

also it is important to not click on every link you see claiming these type of outrageous claims.
Hackers steals accounts through injections and other buzzwords! Security analysts HATE him!

It definitely seems like the only thing to generate business online is to use buzzwords these days, so chances are he's talking primarily out of his ass. He doesn't have anything of value.
mkc
Hero Member
*****
Offline Offline

Activity: 517
Merit: 501


View Profile
April 25, 2016, 04:48:27 AM
 #11

Gee is this true? All localbitcoin user name and passwords for 0.1 btc.
Theoretically, web site should not save user password, they should store a hash of password. When user input password, a hash is generated and compared against saved version. How can hacker reverse calculating all passwords?

bitbite111 (OP)
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
April 25, 2016, 02:54:27 PM
 #12

I downloaded it just to see, and can confirm that at least some of the passwords work. PM me for a copy.
Raimonn
Legendary
*
Online Online

Activity: 1470
Merit: 1001


View Profile
April 25, 2016, 04:36:20 PM
 #13

On its twitter, they answered to user @Themerklenews that this information about its database hacked is false.
Here you have the link: https://twitter.com/LocalBitcoins/status/724323437347504128
mobnepal
Legendary
*
Offline Offline

Activity: 1218
Merit: 1006


View Profile
April 25, 2016, 06:57:50 PM
 #14

On its twitter, they answered to user @Themerklenews that this information about its database hacked is false.
Here you have the link: https://twitter.com/LocalBitcoins/status/724323437347504128

thanks for the link, it seems it is just a rumor but i also suggest everyone not to use same password in all sites and i doubt how they managed to get those passwords? even if they hacked or done sql injection inside database password in database must be hashed one as normally all of the sites do.

So i also think this leak as fud to collect some bitcoin.
alyssa85
Legendary
*
Offline Offline

Activity: 1652
Merit: 1088

CryptoTalk.Org - Get Paid for every Post!


View Profile
April 25, 2016, 07:20:25 PM
 #15

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

You should definitely not use the same passwords for every site. Even if localbitcoins hasn't been hacked, chances are high that other exchanges you use will get hacked in the coming year. This kind of stuff is constantly happening in bitcoin world, and you should protect yourself.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.YoBit InvestBox.|.BUY X10 AND EARN 10% DAILY.🏆
bitbaby
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile WWW
April 26, 2016, 02:17:47 AM
 #16

Even if this was real, which I am certain it is not, the hacker can't get the 2fa code which is required to enter your account/wallet at LBC. Also, LBC has a security measure that as soon as an account is accessed from a different location from where it was accessed earlier, they lock the account and ask the user to go through a security check, which requires them to provide proofs that they're the original owner of the account.

I downloaded it just to see, and can confirm that at least some of the passwords work. PM me for a copy.
Don't encourage the scam by vouching for it.  Angry

letyouearn2
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
April 26, 2016, 02:23:10 AM
 #17

There is a guy claiming to have the usernames and passwords of localbitcoin users. https://satoshibox.com/e3ohpjjhoez6xfy8qjk8qrmj

Should I be worried? I use the same password at every site.

Why are you inviting hackers by announcing the thing that you are using the same password for every site. That's the main mistake you are doing. Don't mind, but i am just informing you about this.

BitcoinSupremo
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
April 26, 2016, 06:46:42 AM
 #18

This is at least the 10th time I am saying it, you can always use the same password but you should do this before:

When you register somewhere, to an exchange site or any other related bitcoin site keep in mind 2 things
1. Make sure you have gmail with 2FA with SMS enabled first
2. Make sure you have a clean pc when you are registering in these sites
3. Add alwasy 2FA with Google Authenticator when these websites offer it.
4. Keep the one time passkey Google Authenticator gives you when registering in order to manually disable if you unfortunately lose your phone, in a safe place.
5. Optional, I suggest using a safe OS like Linux when trying the above 4 points.

If you do these (I personally using same password almost everywhere) but I strictly follow those 5 rules above, nothing have happened to me.

Last advice. Never leave your bitcoins in any exchange.
coinstatic
Hero Member
*****
Offline Offline

Activity: 545
Merit: 500



View Profile
April 26, 2016, 03:28:15 PM
Last edit: April 26, 2016, 04:17:41 PM by coinstatic
 #19

I highly doubt it.

I can bet you any bitcoins he wants people to panic so they start messaging him and he will offer them an alternative by obviously taking YOUR bitcoins and running off

I've never had a problem with localbitcoins and I don't think I will right now
ravens
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
April 26, 2016, 04:46:31 PM
 #20

Nah you aren't in danger, the person is probably lying. There's no way the person wouldn't withdraw the BTC in the "hacked' wallets instead of selling the passwords. Also, don't use the same password for every site you go on.

▄ ▀ ▄ ▀   LET'S THINK ABOUT THE FUTURE   ▀ ▄ ▀ ▄
●▬●▬●▬●▬●▬●▬●▬●▬●▬●▬●   WhyFuture.com   ●▬●▬●▬●▬●▬●▬●▬●▬●▬●▬●
A Blog That Discusses About Artificial Intelligence, The Future, Ethics on AI, and more
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!