Bitcoin Forum
August 20, 2019, 12:11:01 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hacked BitcoinTalk.org Forum Database Goes for Sale on Dark Web  (Read 805 times)
superiorus
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000

Bitcoiner since start, and continue to love it!


View Profile WWW
September 05, 2016, 09:28:57 PM
 #1


Read the news here: https://www.hackread.com/hacked-bitcointalk-forum-database-on-dark-web/

1566259861
Hero Member
*
Offline Offline

Posts: 1566259861

View Profile Personal Message (Offline)

Ignore
1566259861
Reply with quote  #2

1566259861
Report to moderator
1566259861
Hero Member
*
Offline Offline

Posts: 1566259861

View Profile Personal Message (Offline)

Ignore
1566259861
Reply with quote  #2

1566259861
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566259861
Hero Member
*
Offline Offline

Posts: 1566259861

View Profile Personal Message (Offline)

Ignore
1566259861
Reply with quote  #2

1566259861
Report to moderator
1566259861
Hero Member
*
Offline Offline

Posts: 1566259861

View Profile Personal Message (Offline)

Ignore
1566259861
Reply with quote  #2

1566259861
Report to moderator
achow101
Staff
Legendary
*
Offline Offline

Activity: 1862
Merit: 2650


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
September 05, 2016, 09:33:27 PM
 #2

The article is inaccurate, and we already knew that this database was floating around somewhere. That's why it was advised to change your email after the site recovered and Theymos sent out a mass mail informing people to do so.

Furthermore, this quote
Quote
The database file has 514,408 accounts, each account has a username, email address, personal text number, gender, date of birth, website title and URL, location and password.
is misleading. All of that except for password and email address are optional, can be anything, and are publicly viewable on the forum already. The only thing to note here is the password and email address, if the email address was private and a legitimate email address (as many are not). There also isn't a "personal text number". The personal text is the little bit of text you can set under your avatar. It isn't a phone number.

tmfp
Legendary
*
Online Online

Activity: 1540
Merit: 1431


大智若愚


View Profile
September 05, 2016, 10:13:37 PM
Last edit: September 05, 2016, 10:25:43 PM by tmfp
 #3

Quote
We are pleased to announce that only 44,869 (9%) of users on Bitcointalk.org used MD5 hashing with a unique salt for passwords. Of those, we have cracked 30,389 or 68%. The remaining 91% of user passwords were hashed with "sha256crypt" and it would take us about a year to crack an estimated 60-70% of them. This method of password storage is far superior to nearly every website we've seen thus far.

https://www.leakedsource.com/blog/bitcointalkbtce



And from the same article, off topic but interesting re: the Btc-e hack of 2014

Quote
Btc-E.com had 568,355 users hacked in October of 2014. Btc-E.com data contains usernames, emails, passwords, ip addresses, register dates, languages and some internal data such as how many coins the user had.
They used some unknown password hashing method which currently makes their passwords completely uncrackable although that may change. 


Extraordinary Claims require Extraordinary Evidence
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1876
Merit: 1745



View Profile WWW
September 05, 2016, 10:38:24 PM
 #4

The hacked forum DB (more specifically the member's table) has apparently been for sale for a long time now, and has apparently been sold a couple of times as well. A few people have wrecked a decent amount of havoc by both trolling and scamming smallish amounts using information from the hacked DB.

Bitcoin
awesome31312
Hero Member
*****
Offline Offline

Activity: 784
Merit: 503


View Profile
September 05, 2016, 11:34:55 PM
 #5

I saw the listing as it went live, and they were incredibly cheap accounts too. I'm very scared for my account Cry

Change your passwords everyone.

Account recovered 08-12-2019
The Pharmacist
Legendary
*
Offline Offline

Activity: 1610
Merit: 3060



View Profile
September 05, 2016, 11:43:27 PM
 #6

I saw the listing as it went live, and they were incredibly cheap accounts too. I'm very scared for my account Cry

Change your passwords everyone.
Well you should not have to worry if you change your password, right?  I just changed mine now. 

I don't think that if I got hacked, they could do much with my account.  It's the green-trusted hero and legendary members who have to watch out.

awesome31312
Hero Member
*****
Offline Offline

Activity: 784
Merit: 503


View Profile
September 05, 2016, 11:46:57 PM
 #7

I saw the listing as it went live, and they were incredibly cheap accounts too. I'm very scared for my account Cry

Change your passwords everyone.
Well you should not have to worry if you change your password, right?  I just changed mine now. 

I don't think that if I got hacked, they could do much with my account.  It's the green-trusted hero and legendary members who have to watch out.

They could also be either farmed accounts or really old inactive accounts that were part of the early hacks, who didn't change their passwords when the database was compromised. We should be good since Theymos hasn't issued any serious warnings about it (yet).

Account recovered 08-12-2019
Sundark
Hero Member
*****
Offline Offline

Activity: 560
Merit: 502


View Profile
September 05, 2016, 11:55:50 PM
 #8

Can we get a confirmation from the staff that forum was not hacked again today?
It is mildly unsettling seeing that old leaked database appeared just now. There is no connection between today's DDoS and that hacked database??
BitHodler
Legendary
*
Offline Offline

Activity: 1358
Merit: 1148


View Profile
September 06, 2016, 12:14:46 AM
 #9

I think the guys selling the data base are using the current DDOS attack as a cheap way to get people to think bitcointalk is hacked again, to get more interest in the older data base they have been selling several times already.

criptix
Legendary
*
Offline Offline

Activity: 1988
Merit: 1080


View Profile
September 06, 2016, 12:17:33 AM
 #10

The hacked forum DB (more specifically the member's table) has apparently been for sale for a long time now, and has apparently been sold a couple of times as well. A few people have wrecked a decent amount of havoc by both trolling and scamming smallish amounts using information from the hacked DB.

This.

If i remember correct there were offers to sell the db dump just 1 or 2 weeks after the hack.
icanscript
Hero Member
*****
Offline Offline

Activity: 686
Merit: 502



View Profile
September 06, 2016, 12:27:28 AM
 #11

I'm guessing staff have already bought this to check what was sold on.

But I think BitHodler was correct and that is the real story.

I think the guys selling the data base are using the current DDOS attack as a cheap way to get people to think bitcointalk is hacked again, to get more interest in the older data base they have been selling several times already.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!