Hacked BitcoinTalk Data Finally Surfaces On Dark Net

[jackg]

To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.

[ObscureBean]

I don't see why we should be worried, I know I'm not. Let him do what he will with the data, if he's able to get the 1 BTC he asking for it then good for him. There is nothing that can done at this point anyway other than changing passwords and making sure email accounts are secured with 2FA. No sense in losing sleep over this if you ask me.

[theymos]

I think that one extra step of security would be to have implemented a custom salt for every users password

Each hash has a unique 12-byte salt.

Also, from StackOverflow:

That's the same nonsense I was responding to.

Not all of the passwords in the database leak had that encryption :p

It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago.

[mjsbuddha]

I think that one extra step of security would be to have implemented a custom salt for every users password

Each hash has a unique 12-byte salt.

Also, from StackOverflow:

That's the same nonsense I was responding to.

Not all of the passwords in the database leak had that encryption :p

It's impossible to upgrade a user's hash until they log in, since their password isn't known. Those users never logged in since the hash algorithm was upgraded several years ago.

What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

[theymos]

What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

July 2012.

[davis196]

This just out in the news. What are the implications of this as a regular user of BCT? Should we be worried about this?

http://themerkle.com/hacked-bitcointalk-user-data-finally-surfaces-on-dark-net/

"Just a few days ago, the data stolen from the BitcoinTalk.org hack in 2015 was posted for sale on dark net. A hacker going by DoubleFlag, is selling BitcoinTalk.org’s database. The same hacker is said to be responsible for the 68 million emails and hashed passwords from Dropbox that went for sale on dark net not too long ago.

BitcoinTalk.org was originally hacked in May of 2015, but the data wasn’t posted until a few days ago. DoubleFlag seems to have been the first one able to get his hands on it, and no one after him for that matter. The stolen data was only accessible by using data breach notification sites like Hacked-DB and LeakedSource."

Damn,i guess i will have to change my password to make sure everything is fine.

And damn,this might have an impact over the entre bitcoin community or over the bitcoin price.

My account is created back in December 2015,the hack is on May 2015.I`m safe, i guess.

[BitcoinSupremo]

I am not worried as my account is created in beginning of February but anyway my email is secured with 2FA and everywhere where is possible in my online accounts I always add 2FA.
If the users feel worried about their accounts they can always change the password of the account, change the password of the email, add a security question here (which I honestly cannot understand why is not recommended when you do it in a right way, add it on a PC you know its super safe) and the problem is solved. I guess that Doubleflag will not get the bitcoin he is asking.

[2legit2]

To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.

yeah to be honest it would be really hard to get the passwords then i think we are safe but we most probably should change passwords

[amacar2]

As password is hashed with sha256 than i think it will take too long for anyone to decrypt one password which will certainly not be profitable to hacker by any means. The only reason some may buy this is to grab email list of bitcoin users to promote some shitty/scam/ponzi/fishing products in future.

[yayayo]

The hack was already discovered shortly after it happened. I think theymos urged all users to change their passwords. At least I did. Besides that I think all users that follow best security practices - which means randomly generated, long passwords with special characters - are safe anyway. In my opinion the database has been finally posted, because the hacker has extracted all passwords that he could find and now dumps the useless rest of the db.

Given the high number of users here it's pretty clear that the hacker was able to obtain several passwords which of course is bad news, because it encourages further hacking attempts. Bitcointalk is an attractive target because trusted accounts can be easily used to defraud users. Hopefully the affected users have learned their lesson and are now using safe passwords.

ya.ya.yo!

[Kprawn]

It sucks to continuously change passwords, but it's worth the time and effort spend on that, if you compare that to the time and effort it took you to

build a reputation and a higher rank over the years you spend on this forum. Is Satoshi's account one of the affected users, or is his account

disabled? Well, time to change my password again. 

[Tyrantt]

if you ask me, he can take my encrypted password and shove it up his ass.

[jackg]

It sucks to continuously change passwords, but it's worth the time and effort spend on that, if you compare that to the time and effort it took you to

build a reputation and a higher rank over the years you spend on this forum. Is Satoshi's account one of the affected users, or is his account

disabled? Well, time to change my password again.  

That's inaccurate.
No passwords in their raw form can really be taken, if they could, the bitcoin network would've already failed.
Like how private keys are hashes of specific thngs and tey are almost impossible to break. Breaking these encrypted passwords would take lots of "brute force" to do it.

Instead of qustioning if satoshi is one of the effeted members, maybe try to find if the admins were breached of this issue? Even though they will change teir passwords often (probably) it cannot be ruled out that their passwords are also being sold here.

If you pay attention to this:

What year did you change the hashing algorithm? From what I saw in the database some users who didn't logon after 2012 were not in it.

July 2012.

He last logged in in december 2010! Definitely before that time so he's not on that database.

To clarify, they're selling SHA256 passwords? Hashed passwords! There is great difficulty in converting several hundred thousand of these in one go and highly trusted members may change passwords often so little money can be gotton from this.

yeah to be honest it would be really hard to get the passwords then i think we are safe but we most probably should change passwords

Not probably, but i think you must change the password. The hacker might compare hashed password with SHA-256 database or have hints such as birth date, hobby, etc.
There are some account hacked because this leaked password, you might check this thread if you're curious : https://bitcointalk.org/index.php?topic=1544686.0

What you have to think is, why would he sell these for only 1BTC. and So late on. As if he can't really be bothered with this thing and is probably not even selling the right hashed passwords.

There also bitcoin address staking that comes into acount here as you will still be able to recover accounts that have their passwords compromised.

[Wind_FURY]

Isn't it strange that we are getting DDOSed after this news? Is it just coincidence or is someone or there is a group out there attacking BTC? Are there people out there that hate this community?

[JeffBrad12]

Isn't it strange that we are getting DDOSed after this news? Is it just coincidence or is someone or there is a group out there attacking BTC? Are there people out there that hate this community?

I don't think so, I doubt for defining where from the attack is coming, and what the aim of attacking this site, but I hope will never getting attack again.

[ImHash]

I think they are using the stolen data to attack the forum.

[Betwrong]

if you ask me, he can take my encrypted password and shove it up his ass.

Thanks for this comment, I laughed.  I have read all the comments above and I think this comment sums them up perfectly.

Stealing is wrong btw, too bad some people do not realize that when they are stealing it's bad for them in the first place.

[coynedterm]

This just out in the news. What are the implications of this as a regular user of BCT? Should we be worried about this?

http://themerkle.com/hacked-bitcointalk-user-data-finally-surfaces-on-dark-net/

"Just a few days ago, the data stolen from the BitcoinTalk.org hack in 2015 was posted for sale on dark net. A hacker going by DoubleFlag, is selling BitcoinTalk.org’s database. The same hacker is said to be responsible for the 68 million emails and hashed passwords from Dropbox that went for sale on dark net not too long ago.

BitcoinTalk.org was originally hacked in May of 2015, but the data wasn’t posted until a few days ago. DoubleFlag seems to have been the first one able to get his hands on it, and no one after him for that matter. The stolen data was only accessible by using data breach notification sites like Hacked-DB and LeakedSource."

No problem if anyone collect our data because I don't put any sensitive data on any site and Bette if they could send few bitcoin in my wallet.... just kidding. But honestly why they are worried about this platform. We can earn from here so why should they attack bitcointalk. If they have allergic to bitcointalk then they could jump from 5th storey and die.

[ethereumhunter]

i can not imagine how to do that, cracked password is far beyond from my imagination and i can not figure out how to do that. i hope that bitcointalk will be fine and will be ok, for the forum and for the member especially. and i hope nothing will be happen with bitcoin community and we should not be worried.

[springgers]

I suppose everyone already considered the data compromised even if they did not see it officially on sale, I changed my passwords after every recent issue occurring in BCT as well as the CEX.IO data compromise and I changed all the passwords used on these sites. I think everyone should do that as well.