I just hacked 3 and scammed 3 members.

[Quickseller]

-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.

Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.


[2] https://wiki.skullsecurity.org/Passwords

Yes theymos confirmed that the hacker (robertt) was using the leaked password hashes here.

Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).

I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).

[rudarSRB]

The admin should really do a force reset of all the passwords, this is going out of controll and need to be stoped right now.
Is it not possible that he simply do a force reset?

The question would be how he could go about doing something like this.
Would he set all the passwords to the same and allow every account on the website to be hacked much easier?
Would he send out user's passwords through E-mail, leaving those without an E-mail linked to their accounts locked out?

Theymos already sent out an email when the leak happened (over a year ago) warning users to change their passwords; I do not think there is not much more he could do without breaking some user's forum experience.

Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!

The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!

So you shall put this in question as well :

Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?

But who cares right he have enough money...

[swogerino]

The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!

A password reset would be to help a few users who are too stupid to change their passwords. It is not theymos's fault that they didn't oblige to what his message said. Responsibility should be with the user, not the admin.

[shorena]

-snip-
The hacker was using the stolen DB from the hack last year. He is stupid enough to leave a lot of information about himself so it is fairly easy to confirm when he actually hacked an account (plus the fact that an account's PW was not changed since the hack.

The hacker isn't even using a VPN, and most likely purchased the DB fairly recently. He is nothing more then a script kiddy.

Is that known? I still have to catch up on recent events (yes even things months ago). I wonder what the database costs and howmuch rockyou.txt[2] with good rules can get out of it. I would assume a large portion was breached quickly after the attack.


[2] https://wiki.skullsecurity.org/Passwords

Yes theymos confirmed that the hacker (robertt) was using the leaked password hashes here.

Robert only recently started hacking forum accounts, and trolling/scamming with them somewhat recently, so it is possible that he only recently figured out how to check for passwords from the hashes of the passwords. However the amounts that he is stealing from others is low enough to suggest that he purchased the DB recently (from what I have been told, the value of DBs declines over time, especially after it has been known that the DB has leaked).

I am not sure how much the leaked DB is worth, however I have been told that someone found the DB for sale on a DNM a few months after the hack for 100BTC by a seller with a lot of reputation on that DNM. I visited that DNM recently, and it appears that the DB is no longer listed for sale there; I am also not sure that the particular DNM in question is not an outright scam (it is listed on Deep Dot Web).

Thanks for the links and pointers. I guess I have to wait a little longer to take a look at bitcointalk passwords.

[minifrij]

Well if i would be the admin yes then i would have no choice but lock out the users who have no access to the e-mail anymore or else sign a message!!!!
The security of this forum should be the top priority and not a few users who are stupid enough to use a email that they can not access anymore!

So you would lock out users 'stupid' enough to not use an email (which could be for several valid reasons) to protect those who are stupid enough to not change their password after a hack?

So you shall put this in question as well :
Why he makes it so hard to recover hacked account but does not simply force lock/reset all the accounts?

Theymos has several large communities that he takes care of; he is too busy to answer most queries of account recovery (especially considering that the majority of account problems are caused by the users themselves). If you can prove to a moderator that your account was hacked (through signing a message from a staked address usually) then they will apply a ban onto your account, essentially locking it.

[Roboabhishek]

Total amount excluding losses on dice: 0.1 BTC now.

2 heroes 1 senior some other shit


This is some fucking revenge for you Stunna.

What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.

So what makes you think you revenged stunna ?

[Shiroslullaby]

You would have to be delusional to think this database would be worth 100BTC lol.

Sure maybe some people used the same password for the website that they did on some financial account,
but anyone with half a brain is going to use different passwords for different sites,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)

[Quickseller]

Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).

[Joel_Jantsen]

Did anyone see what "eng.chaps.returns" posted on here before the post got deleted (I assume the account probably got nuked).

It's *Engg Chakks S.After days of connecting the dots,I have managed to find his doxx.He's an Indian and a Computer Science Engineer.I missed that post anyway.Mind telling us,what was it about this time ? He still has active alt's on this forum.

[minifrij]

You would have to be delusional to think this database would be worth 100BTC lol.

It wouldn't surprise me. Remember we're talking about the details of (probably) 500,000 members.

Sure maybe some people used the same password for the website that they did on some financial account,
and especially for any kind of Bitcoin wallet/ program.
(I'm assuming they put the price so high because people assumed you could use the info to steal coins from members.)

There are more ways to steal Bitcoin than getting someone's wallet.
Look in the OP, he was able to get 0.16-0.17BTC from 3 members using accounts with little trust. If the could get that with those accounts, what if he got one with Dark Green trust? What if he got one on the DT network? Not to mention that he could also sell the accounts on, or scrape the accounts for personal details to sell.

but anyone with half a brain is going to use different passwords for different sites,

You'd think so, but it's amazing how many people practice terrible security.

[Roboabhishek]

-snip-

-snip-

-snip-

Okay, so this is what happend:

I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.

Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account   and for work you have done in finding the real owner

[Joca97]

Total amount excluding losses on dice: 0.1 BTC now.

2 heroes 1 senior some other shit


This is some fucking revenge for you Stunna.

What kind of revenge from stunna i don't think he will give a damn because they were not his accounts.

So what makes you think you revenged stunna ?

hmm i guess we wont know because the OP isnt responding anymore
but this thread is wierd with the guy conffesing and spitting on the forum that it sucks

[FruitsBasket]

-snip-

-snip-

-snip-

Okay, so this is what happend:

I saw that the user stealth923 was asking for a loan, so I decided to look at the request and accepted it. I thought it was shady that there was no signed message, but it was never staked so I though it was ok, since all the posts were in altcoin announcements. Then he gave me the password, which sounded like easy hackable. So then I made a post and said it, then the lender/scammer became angry and said I was a scammer, so I was forced to send him the lending amount we agreed on. Since the that account I control now is a hero member, is it lucky that there was only scammed 0.08BTC and not more, so the damage that is caused is small. I have send an email to the real owner, since that email was staked in a PM from 2014 and was in the profile page. Now I will be waiting for the real owner to contact me and we will talk about what we will do. Please son't send me fake emails, I am not stupid.

Are you going to give the hero member account to its right full owner without asking for the btc which you have lost in lending ?
You should ask the owner around 0.1-0.15 BTC for recovering his account   and for work you have done in finding the real owner

I didn't have a chance to, since theymos had to come in and reset the password of the account I held as collateral. Of course I was upset about it, since I worked hard for that bitcoin. The real owner didn't even bother to reply when he got his account back(most probable).

[Das]

This hacking thing is just over my head. I have absolutely no idea how a hacker does his work.

Looks like rocket science to me