jackg
Copper Member
Legendary
 Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
 |
September 06, 2016, 07:15:52 AM |
|
To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
ObscureBean
Legendary
Offline
Activity: 1148
Merit: 1000
|
|
September 06, 2016, 07:43:44 AM |
|
I don't see why we should be worried, I know I'm not. Let him do what he will with the data, if he's able to get the 1 BTC he asking for it then good for him. There is nothing that can done at this point anyway other than changing passwords and making sure email accounts are secured with 2FA. No sense in losing sleep over this if you ask me.
|
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12983
|
|
September 06, 2016, 07:44:46 AM |
|
I think that one extra step of security would be to have implemented a custom salt for every users password
Each hash has a unique 12-byte salt. Also, from StackOverflow: That's the same nonsense I was responding to. Not all of the passwords in the database leak had that encryption :p It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
mjsbuddha
Sr. Member
Offline
Activity: 336
Merit: 250
yung lean
|
|
September 06, 2016, 07:46:09 AM |
|
I think that one extra step of security would be to have implemented a custom salt for every users password
Each hash has a unique 12-byte salt. Also, from StackOverflow: That's the same nonsense I was responding to. Not all of the passwords in the database leak had that encryption :p It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago. What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it. |
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5194
Merit: 12983
|
|
September 06, 2016, 07:52:07 AM |
|
What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.
July 2012. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
davis196
|
|
September 06, 2016, 07:53:57 AM |
|
This just out in the news. What are the implications of this as a regular user of BCT? Should we be worried about this? http://themerkle.com/hacked-bitcointalk-user-data-finally-surfaces-on-dark-net/"Just a few days ago, the data stolen from the BitcoinTalk.org hack in 2015 was posted for sale on dark net. A hacker going by DoubleFlag, is selling BitcoinTalk.org’s database. The same hacker is said to be responsible for the 68 million emails and hashed passwords from Dropbox that went for sale on dark net not too long ago. BitcoinTalk.org was originally hacked in May of 2015, but the data wasn’t posted until a few days ago. DoubleFlag seems to have been the first one able to get his hands on it, and no one after him for that matter. The stolen data was only accessible by using data breach notification sites like Hacked-DB and LeakedSource." Damn,i guess i will have to change my password to make sure everything is fine. And damn,this might have an impact over the entre bitcoin community or over the bitcoin price. My account is created back in December 2015,the hack is on May 2015.I`m safe, i guess. |
|
|
|
|
BitcoinSupremo
|
|
September 06, 2016, 08:01:13 AM |
|
I am not worried as my account is created in beginning of February but anyway my email is secured with 2FA and everywhere where is possible in my online accounts I always add 2FA.
If the users feel worried about their accounts they can always change the password of the account, change the password of the email, add a security question here (which I honestly cannot understand why is not recommended when you do it in a right way, add it on a PC you know its super safe) and the problem is solved. I guess that Doubleflag will not get the bitcoin he is asking.
|
|
|
|
|
|
2legit2
|
|
September 06, 2016, 03:04:31 PM |
|
To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.
yeah to be honest it would be really hard to get the passwords then i think we are safe but we most probably should change passwords |
|
|
|
|
|
[center][table][tr]
[td][b][size=7px][color=#2ebe5f]◉
◉
◉
◉[/color][/size][/b][/td]
[td][size=2pt][color=transparent].[/color][/size]
[center][url=mintdice.com/game/casino/slots?utm_source=BCT&utm_medium=Sig&utm_campaign=MD&utm_term=Hero][size=9pt][b][font=Arial][color=#2ebe5f]MULTIPLE CURRENCIES. MULTIPLE GAMES. DONE BETTER.[/color][/font][/b][/size]
[size=9pt][font=Arial][color=#838282]Introducing[size=7pt] [/size]the[size=7pt] [/size]world's[size=7pt] [/size]best[size=7pt] [/size]fully[size=7pt] [/size]featured[size=7pt] [/size]cryptocurrency[size=8pt] [/size]casino[/color][/font][/size][/url][/center][/td]
[td][b][size=7px][color=#2ebe5f]◉
◉
◉
◉[/color][/size][/b][/td]
[td][font=monospace][size=2px]
[url=facebook.com/MintDiceOnline/][color=#838282] ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄████████▀▀▀▀███▄
███████▀ ████
███████ ███████
█████ ████
███████ ███████
▀██████ ██████▀
▀▀▀▀▀ ▀▀▀▀▀[/color][/url]
[url=instagram.com/mintdice/][color=#838282] ▄▄▄▄▄▄▄▄▄▄▄▄▄
▄██▀▀▀▀▀▀▀▀▀▀▀██▄
██ ▄▄▄▄▄ ▀ ██
██ █▀ ▀█ ██
██ █▄ ▄█ ██
██ ▀▀▀▀▀ ██
▀██▄▄▄▄▄▄▄▄▄▄▄██▀
▀▀▀▀▀▀▀▀▀▀▀▀▀[/color][/url][/size][/font][/td]
[td][font=monospace][size=2px]
[url=twitter.com/MintDice][color=#838 |
|
|
amacar2
Legendary
Offline
Activity: 1120
Merit: 1007
CryptoTalk.Org - Get Paid for every Post!
|
|
September 06, 2016, 03:32:29 PM |
|
As password is hashed with sha256 than i think it will take too long for anyone to decrypt one password which will certainly not be profitable to hacker by any means. The only reason some may buy this is to grab email list of bitcoin users to promote some shitty/scam/ponzi/fishing products in future.
|
|
|
|
yayayo
Legendary
Offline
Activity: 1806
Merit: 1024
|
|
September 06, 2016, 04:56:33 PM |
|
The hack was already discovered shortly after it happened. I think theymos urged all users to change their passwords. At least I did. Besides that I think all users that follow best security practices - which means randomly generated, long passwords with special characters - are safe anyway. In my opinion the database has been finally posted, because the hacker has extracted all passwords that he could find and now dumps the useless rest of the db.
Given the high number of users here it's pretty clear that the hacker was able to obtain several passwords which of course is bad news, because it encourages further hacking attempts. Bitcointalk is an attractive target because trusted accounts can be easily used to defraud users. Hopefully the affected users have learned their lesson and are now using safe passwords.
ya.ya.yo!
|
|
|
|
|
|
.
..1xBit.com Super Six.. | ▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████ ▀██
██████████▌ ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████ | ███████████████
█████████████▀
█████▀▀
███▀ ▄███ ▄
██▄▄████▌ ▄█
████████
████████▌
█████████ ▐█
██████████ ▐█
███████▀▀ ▄██
███▀ ▄▄▄█████
███ ▄██████████
███████████████ | ███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████ | ▄█████
▄██████
▄███████
▄████████
▄█████████
▄██████████
▄███████████
▄████████████
▄█████████████
▄██████████████
▀▀███████████
▀▀███████
▀▀██▀ | ▄▄██▌
▄▄███████
█████████▀
▄██▄▄▀▀██▀▀
▄██████ ▄▄▄
███████ ▄█▄ ▄
▀██████ █ ▀█
▀▀▀ ▄ ▀▄▄█▀
▄▄█████▄ ▀▀▀
▀████████
▀█████▀ ████
▀▀▀ █████
█████ | ▄ █▄▄ █ ▄
▀▄██▀▀▀▀▀▀▀▀
▀ ▄▄█████▄█▄▄
▄ ▄███▀ ▀▀ ▀▀▄
▄██▄███▄ ▀▀▀▀▄ ▄▄
▄████████▄▄▄▄▄█▄▄▄██
████████████▀▀ █ ▐█
██████████████▄ ▄▄▀██▄██
▐██████████████ ▄███
████▀████████████▄███▀
▀█▀ ▐█████████████▀
▐████████████▀
▀█████▀▀▀ █▀ | .
Premier League
LaLiga
Serie A | .
Bundesliga
Ligue 1
Primeira Liga | | .
..TAKE PART.. |
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1073
|
|
September 06, 2016, 05:43:27 PM |
|
It sucks to continuously change passwords, but it's worth the time and effort spend on that, if you compare that to the time and effort it took you to build a reputation and a higher rank over the years you spend on this forum. Is Satoshi's account one of the affected users, or is his account disabled? Well, time to change my password again.  |
|
|
|
|
Tyrantt
|
|
September 06, 2016, 05:46:12 PM |
|
if you ask me, he can take my encrypted password and shove it up his ass.
|
Need some spare btc for a new PC that can at least run Adobe Dreamweaver.
BTC - 19qm3kH4MZELkefEb55HCe4Y5jgRRLCQmn ♦♦♦ ETH - 0xd71ACd8781d66393eBfc3Acd65B224e97Ae1952D
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
September 06, 2016, 08:56:56 PM |
|
It sucks to continuously change passwords, but it's worth the time and effort spend on that, if you compare that to the time and effort it took you to build a reputation and a higher rank over the years you spend on this forum. Is Satoshi's account one of the affected users, or is his account disabled? Well, time to change my password again. That's inaccurate. No passwords in their raw form can really be taken, if they could, the bitcoin network would've already failed. Like how private keys are hashes of specific thngs and tey are almost impossible to break. Breaking these encrypted passwords would take lots of "brute force" to do it. Instead of qustioning if satoshi is one of the effeted members, maybe try to find if the admins were breached of this issue? Even though they will change teir passwords often (probably) it cannot be ruled out that their passwords are also being sold here. If you pay attention to this: What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.
July 2012. He last logged in in december 2010! Definitely before that time so he's not on that database.
To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.
yeah to be honest it would be really hard to get the passwords then i think we are safe but we most probably should change passwords Not probably, but i think you must change the password. The hacker might compare hashed password with SHA-256 database or have hints such as birth date, hobby, etc. There are some account hacked because this leaked password, you might check this thread if you're curious : https://bitcointalk.org/index.php?topic=1544686.0What you have to think is, why would he sell these for only 1 BTC. and So late on. As if he can't really be bothered with this thing and is probably not even selling the right hashed passwords. There also bitcoin address staking that comes into acount here as you will still be able to recover accounts that have their passwords compromised. |
|
|
|
|
Wind_FURY (OP)
Legendary
Offline
Activity: 2912
Merit: 1826
|
|
September 07, 2016, 05:20:34 AM |
|
Isn't it strange that we are getting DDOSed after this news? Is it just coincidence or is someone or there is a group out there attacking BTC? Are there people out there that hate this community?
|
| .SHUFFLE.COM.. | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | .
...Next Generation Crypto Casino... |
|
|
|
|
JeffBrad12
|
|
September 07, 2016, 07:44:04 AM |
|
Isn't it strange that we are getting DDOSed after this news? Is it just coincidence or is someone or there is a group out there attacking BTC? Are there people out there that hate this community?
I don't think so, I doubt for defining where from the attack is coming, and what the aim of attacking this site, but I hope will never getting attack again. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
ImHash
|
|
September 07, 2016, 07:59:03 AM |
|
I think they are using the stolen data to attack the forum.
|
|
|
|
|
Betwrong
Legendary
Offline
Activity: 3276
Merit: 2151
I stand with Ukraine.
|
|
September 07, 2016, 08:20:56 AM |
|
if you ask me, he can take my encrypted password and shove it up his ass.
Thanks for this comment, I laughed.  I have read all the comments above and I think this comment sums them up perfectly. Stealing is wrong btw, too bad some people do not realize that when they are stealing it's bad for them in the first place. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
coynedterm
|
|
September 07, 2016, 08:32:15 AM |
|
This just out in the news. What are the implications of this as a regular user of BCT? Should we be worried about this? http://themerkle.com/hacked-bitcointalk-user-data-finally-surfaces-on-dark-net/"Just a few days ago, the data stolen from the BitcoinTalk.org hack in 2015 was posted for sale on dark net. A hacker going by DoubleFlag, is selling BitcoinTalk.org’s database. The same hacker is said to be responsible for the 68 million emails and hashed passwords from Dropbox that went for sale on dark net not too long ago. BitcoinTalk.org was originally hacked in May of 2015, but the data wasn’t posted until a few days ago. DoubleFlag seems to have been the first one able to get his hands on it, and no one after him for that matter. The stolen data was only accessible by using data breach notification sites like Hacked-DB and LeakedSource." No problem if anyone collect our data because I don't put any sensitive data on any site and Bette if they could send few bitcoin in my wallet.... just kidding. But honestly why they are worried about this platform. We can earn from here so why should they attack bitcointalk. If they have allergic to bitcointalk then they could jump from 5th storey and die. |
|
|
|
|
ethereumhunter
|
|
September 07, 2016, 09:26:56 AM |
|
i can not imagine how to do that, cracked password is far beyond from my imagination and i can not figure out how to do that. i hope that bitcointalk will be fine and will be ok, for the forum and for the member especially. and i hope nothing will be happen with bitcoin community and we should not be worried.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
|
springgers
|
|
September 07, 2016, 10:39:19 AM |
|
I suppose everyone already considered the data compromised even if they did not see it officially on sale, I changed my passwords after every recent issue occurring in BCT as well as the CEX.IO data compromise and I changed all the passwords used on these sites. I think everyone should do that as well.
|
|
|
|
|
|
