Bitcoin Forum
September 22, 2017, 02:52:47 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 [8] 9 »  All
  Print  
Author Topic: If your Mt. Gox account has been compromised, PLEASE READ.  (Read 34010 times)
MBH
Jr. Member
*
Offline Offline

Activity: 51


View Profile WWW
June 21, 2011, 05:15:37 PM
 #141

Hello people,

I have about $900 invested in MtGox and although I panicked at first, following MtGox's updated page shows that they're really working hard on recovering everything and making sure their systems are up & running.

According to their page: https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
they got compromised because of an auditor who had read-only access to their DB and his machine was infected. So the site itself wasn't hacked.

I just filed the claim process and all went well without errors. If you are getting errors, then consider putting a wrong password then put in as much info as you can for them to give your claim credit over other claims on your account. They're allowing multiple claims per account for that specific reason: In case someone changed your password before they took the site offline.

You can provide last used funds, transactions, documents and many other things.

Seeing how MtGox has been handling this and the amount of hard work they've put into it, I'm staying with them. Going to another exchange doesn't automagically solve the problem & their infrastructure might be even less secure, putting you at risk AGAIN!

I'm not promoting for MtGox. I simply appreciate the hard work put into recovering from this hellish situation.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1506048767
Hero Member
*
Offline Offline

Posts: 1506048767

View Profile Personal Message (Offline)

Ignore
1506048767
Reply with quote  #2

1506048767
Report to moderator
1506048767
Hero Member
*
Offline Offline

Posts: 1506048767

View Profile Personal Message (Offline)

Ignore
1506048767
Reply with quote  #2

1506048767
Report to moderator
pjce
Newbie
*
Offline Offline

Activity: 14


View Profile
June 21, 2011, 05:30:06 PM
 #142

Thanks for the info. I made a claim at MtGox, don't know yet how much I lost.
Big Time Coin
Sr. Member
****
Offline Offline

Activity: 332



View Profile
June 21, 2011, 05:37:58 PM
 #143

Sill, it is taking an UNBELIEVABLY long time to fix this problem.

Mr. "MagicalTux" should have hired some more people or brought some talented executive into his organization before this point to be able to restore confidence.  Some kind of announcement like "we are bringing in this experienced, talented financial service expert/executive to help run our exchange because we have realized we can't do it right."

He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency.  Something like this security breach should have been resolved in HOURS, NOT DAYS.  This is a major unforgiveable failure and all you posters seeing it any other way must have ZERO experience in dealing with stocks, bonds, currency, and other exchanges/financial services companies.  Imagine if a sovereign nation's currency exchange went down for a week.  Or you bank sent you an e-mail saying "someone got $1000 taken from their online banking account, so no one can withdraw or deposit money until next week".  Amateur, unforgivable bullshit.  No excuses, Tux needs to get professional help.  I rest my case.

Big time, I'm on my way I'm making it, big time, oh yes
- Peter Gabriel
Mr2001
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 21, 2011, 05:43:45 PM
 #144

I am too. The password for this account is invalid, or this account is not currently under claim process.  Huh
Same here. My account was compromised before mtgox shut down (password changed and email erased), were yours too?
MBH
Jr. Member
*
Offline Offline

Activity: 51


View Profile WWW
June 21, 2011, 05:49:42 PM
 #145

Sill, it is taking an UNBELIEVABLY long time to fix this problem.

Mr. "MagicalTux" should have hired some more people or brought some talented executive into his organization before this point to be able to restore confidence.  Some kind of announcement like "we are bringing in this experienced, talented financial service expert/executive to help run our exchange because we have realized we can't do it right."

He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency.  Something like this security breach should have been resolved in HOURS, NOT DAYS.  This is a major unforgiveable failure and all you posters seeing it any other way must have ZERO experience in dealing with stocks, bonds, currency, and other exchanges/financial services companies.  Imagine if a sovereign nation's currency exchange went down for a week.  Or you bank sent you an e-mail saying "someone got $1000 taken from their online banking account, so no one can withdraw or deposit money until next week".  Amateur, unforgivable bullshit.  No excuses, Tux needs to get professional help.  I rest my case.

I was involved in a few Disaster Recovery (DR) situations for customers before and I know the amount of pressure admins and businesses are put under during that time. Believe me, in such cases, the last thing you want is for the business/admins to waste their time looking for PR rather than work non-stop on recovering the systems to a secure state. The fact that MagicalTux isn't around means that he's busy with the admins getting things together.

They keep updating their blog post and that's good enough for such situations. This is similar to how Amazon handles its EC2 cloud services when there disruptions: update every now & then while focusing on recovering the systems.
Technopope
Newbie
*
Offline Offline

Activity: 10


View Profile
June 21, 2011, 06:25:22 PM
 #146

Sill, it is taking an UNBELIEVABLY long time to fix this problem.

...

He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency.  Something like this security breach should have been resolved in HOURS, NOT DAYS.

Resolved in hours? You mean like the Sony Playstation Network hack?  Wink

The fact that it hasn't been resolved in hours is a positive thing. We really don't want a *quick* fix for this situation, we want a *secure* fix. The MtGox system was was hacked, with funds and secure data stolen. Over 61,000 users have had their email and password publicly posted on the internet. While those passwords are encrypted, they are certainly breakable given some time.

Every user will need to have his account validated and a new password assigned before being able to access that account, with 61,000 users, that will take some time.

You also seem to be confusing MtGox with a real financial institution. It is not. MtGox started out as "Magic The Gathering Online eXchange", trading online game items. It has no backing (much like BitCoin itself) and no official guarantees (again, like BitCoin). I'm sure "he" is doing the best he can given the situation, it looks like every effort is being made to get us back to our accounts and back to business.

snorbit
Newbie
*
Offline Offline

Activity: 6


View Profile
June 21, 2011, 08:24:20 PM
 #147

I completed the claim process process earlier and I was told "Your account recovery request is pending review by our staff."

I wonder how long that will take?
Blinken
Sr. Member
****
Offline Offline

Activity: 334



View Profile
June 21, 2011, 09:02:54 PM
 #148

What does MagicalTux say about this?

Uh, what does he say? Here are some possibilities:

"thanks for the money"

"hasta la vista"

"in japan the hand can be used like a knife"

"please fill out the 6-page reimbursement form on page 32A of our user agreement and email it to /dev/null"

"anybody know good vacation spots?"

"i have been learning parasailing"

"want to see my new Boxster? it's red!"

"Je ne parle qu'un le francais"

"the Japanese legal system is fascinating"

"i am accepting a new position as chief financial advisor to President Mugabe"


Bitcoin ♦♦♦ Trust in Mathematics, Not Bankers ♦♦♦
BITCOINCANADA
Newbie
*
Offline Offline

Activity: 5


View Profile WWW
June 21, 2011, 09:04:22 PM
 #149

thanks for posting this information
holgero
Newbie
*
Offline Offline

Activity: 21


View Profile WWW
June 21, 2011, 11:34:34 PM
 #150

The password for this account is invalid, or this account is not currently under claim process.  Huh

Same here. Whats that supposed to mean? Has the claim site been hacked?
hiponion
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 12:21:16 AM
 #151

arghh would be funny...but not really in the mood to laugh right now
Mr2001
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 22, 2011, 12:34:15 AM
 #152

The password for this account is invalid, or this account is not currently under claim process.  Huh

Same here. Whats that supposed to mean? Has the claim site been hacked?
The form now has a check box to say you forgot your password. I was finally able to submit a claim after checking that box. I guess I was getting the message because someone changed my password.
stubeans
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 12:41:41 AM
 #153

And now?
I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions:
* How much funds did you lose?
* To what address were your stolen funds sent?
* What OS are you using (Windows, Linux, Mac OSX ...)?
* How long was your old password?
* Was your old password random?
* Was your username the same on Mt. Gox as on the forum?
* Did you use your Mt. Gox password somewhere else?
* Did your old password contain lowercase letters, uppercase letters, special characters and numbers?
* Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.

* Please also include a screenshot if possible so we know it's a real report.
let's think this out. if you are someone with access to the Mt. Gox data, including usernames and password hashes, wouldn't the bolded information be particularly useful for said individuals to bruteforce crack and abuse? there is zero reason why anyone would need to disclose this type of information on a public forum, and even less reason why anybody would ask of this type of data. why do you ask for specific data on the length of passwords, whether they were random, the character types contained, and whether their username is the same on here as on Mt. Gox?

furthermore, the request for OS type, bitcoin software and a screenshot of their account info? are you looking for direct targets to hack?

this, to me at least, screams of someone trying to social engineer more lulz and/or theft from data in their possession.
stubeans
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 12:57:03 AM
 #154

for added info on JoePie91 - https://twitter.com/#!/TeaMp0isoN_

and there are allegations that lulzsec is behind the Mt. Gox hack. consider that info, then consider how unusual the initial post is.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 22, 2011, 03:26:05 AM
 #155

And now?
I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions:
* How much funds did you lose?
* To what address were your stolen funds sent?
* What OS are you using (Windows, Linux, Mac OSX ...)?
* How long was your old password?
* Was your old password random?
* Was your username the same on Mt. Gox as on the forum?
* Did you use your Mt. Gox password somewhere else?
* Did your old password contain lowercase letters, uppercase letters, special characters and numbers?
* Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.

* Please also include a screenshot if possible so we know it's a real report.
let's think this out. if you are someone with access to the Mt. Gox data, including usernames and password hashes, wouldn't the bolded information be particularly useful for said individuals to bruteforce crack and abuse? there is zero reason why anyone would need to disclose this type of information on a public forum, and even less reason why anybody would ask of this type of data. why do you ask for specific data on the length of passwords, whether they were random, the character types contained, and whether their username is the same on here as on Mt. Gox?

furthermore, the request for OS type, bitcoin software and a screenshot of their account info? are you looking for direct targets to hack?

this, to me at least, screams of someone trying to social engineer more lulz and/or theft from data in their possession.

for added info on JoePie91 - https://twitter.com/#!/TeaMp0isoN_

and there are allegations that lulzsec is behind the Mt. Gox hack. consider that info, then consider how unusual the initial post is.

Wow, you registered just to try and discredit me?

Let's start with the password information. First off, the very first thing that is recommended in the post is to change passwords, not reuse passwords and use a password with a different length. The reason I ask for this information is to find out what possible attack vectors were for compromised accounts. Second off, adding the questions about whether someone reused username or password elsewhere was on request of someone else (on IRC I believe).

Then the OS information. Yet again, this was to determine what attack vectors could have been used. If people using non-Windows systems, for example, got compromised as well, that would make a keylogger and/or other malware very unlikely.

Then on to the software. It's a bit sad I even have to explain this - obviously the question is whether the compromise may be due to Bitcoin-related software that someone has been running, that may have had malware attached to it.

Then the screenshot. The very line about the screenshot says it all. If you would have been involved in the community here even a bit (instead of registering a new account after Googling joepie91 or however you may have ended up here), you would have known that there were already several reports when this thread was made, and that their validity was disputed (was it a ploy by Tradehill? Or another exchange? Or was it people trying to discredit Bitcoin? etc etc). So obviously the next question is a screenshot to prove that it happened. Seeing as a screenshot does not have to contain anything besides the record of it being transfered away, this is not a problem privacy- or security-wise. It cannot even be used to track it back to other addresses from the same person, as coins going through Mt. Gox get mangled up.

Then the "looking for direct targets to hack" claim. I am a programmer / webdev, and not a cracker (which is the correct term for what you are talking about). My greatest "cracking" achievement to date is finding a vulnerability in Mt. Gox that makes use of a combination of two known techniques to compromise accounts with passwords with less than 6 characters (a vulnerability that I have, after days, STILL not received a response about from MagicalTux). I have absolutely no fucking clue whatsoever how to SQLi a site in such a way that I can actually do something - my knowledge ends at ' OR 1=1.

Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parrotting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.

Second off, there can be a million allegations of Lulzsec "being behind the Mt. Gox hack" - however, not only is that highly improbable (why would they fuck around with something they like and actively use?), but also is there absolutely zero proof whatsoever that that is the case. Innocent until proven guilty and all that.


Now consider the postcount of said user stubeans, consider his signup date, consider his countless allegations without any facts to support it (except for other alleged 'facts' that were themselves never proven), consider his hostile attitude, consider how he blindly copies the two capital letters in my nickname from a Twitter feed despite me not using any capital letters anywhere (indicating he has no idea who I actually am, and has never seen me anywhere before).

And now consider how unusual and full of bullshit said user is.


Seriously, go back to your troll cave.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
stubeans
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 03:48:38 AM
 #156

Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parrotting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.
http://www.pastebin.com/QZXBCBYt

let's check the list -

topiary - check
sabu - check
Joepie - check

Quote
Jun 03 21:04:01 <tflow> http://pastebin.com/kixK4rfu
Jun 03 21:04:13 <tflow> blackhat seo, trying to capitilize on lulzsec lol
Jun 03 21:04:21 <tflow> but how the fk did it get 18k views
Jun 03 21:06:47 <joepie91_laptop>       tflow
Jun 03 21:06:50 <joepie91_laptop>       proxy view increaser
Jun 03 21:06:53 <joepie91_laptop>       or similar tools
Jun 03 21:07:02 <joepie91_laptop>       http://www.sven-slootweg.nl/downloads
Jun 03 21:07:05 <joepie91_laptop>       I have a really crappy one
Jun 03 21:07:09 <joepie91_laptop>       that I made for someone a long time ago

hope you are having a good morning! the log is quite entertaining.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 22, 2011, 04:13:38 AM
 #157

Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parrotting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.
http://www.pastebin.com/QZXBCBYt

let's check the list -

topiary - check
sabu - check
Joepie - check

Quote
Jun 03 21:04:01 <tflow> http://pastebin.com/kixK4rfu
Jun 03 21:04:13 <tflow> blackhat seo, trying to capitilize on lulzsec lol
Jun 03 21:04:21 <tflow> but how the fk did it get 18k views
Jun 03 21:06:47 <joepie91_laptop>       tflow
Jun 03 21:06:50 <joepie91_laptop>       proxy view increaser
Jun 03 21:06:53 <joepie91_laptop>       or similar tools
Jun 03 21:07:02 <joepie91_laptop>       http://www.sven-slootweg.nl/downloads
Jun 03 21:07:05 <joepie91_laptop>       I have a really crappy one
Jun 03 21:07:09 <joepie91_laptop>       that I made for someone a long time ago

hope you are having a good morning! the log is quite entertaining.
Quote
and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
stubeans
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 04:30:08 AM
 #158

and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel.
which refutes what, exactly? the entire chat log repeats the need for secrecy, as well as trusting no one outside the group of (privileged) individuals chatting in that room. connecting the dots is easy, and if a simpleton like me can follow the trail i'm sure others can too.

clearly, you're a smart man. you glanced at my post count and correctly guessed that i registered in order to warn fellow bitcoin users to be mindful of those trying to 'help,' all the while requesting or SEing information that could compromise their online accounts. the info you requested in your OP is so blatantly fishing for information that i thought it'd be wise to highlight that. seriously - asking if a compromised account contained passwords constituted of random characters and/or numbers, its length and Mt. Gox username? how bold!

capt. stu is out and should get some rest. shouldn't you, Joepie? the sun should be rising in a little bit for you too!
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 22, 2011, 04:44:48 AM
 #159

and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel.
which refutes what, exactly? the entire chat log repeats the need for secrecy, as well as trusting no one outside the group of (privileged) individuals chatting in that room. connecting the dots is easy, and if a simpleton like me can follow the trail i'm sure others can too.
Because every (semi-)private channel on the internet is Lulzsec.

Quote
clearly, you're a smart man. you glanced at my post count and correctly guessed that i registered in order to warn fellow bitcoin users to be mindful of those trying to 'help,' all the while requesting or SEing information that could compromise their online accounts.
Because I totally did not encourage users to change their passwords to something stronger and completely unlike their current password.

Quote
the info you requested in your OP is so blatantly fishing for information that i thought it'd be wise to highlight that. seriously - asking if a compromised account contained passwords constituted of random characters and/or numbers, its length and Mt. Gox username? how bold!
Because I am totally a completely evil person whose only mission in life is to gather statistics on passwords that are not used anymore, to throw them into my magical hat and magically get all new passwords and usernames of everyone in the universe!

Quote
capt. stu is out and should get some rest. shouldn't you, Joepie? the sun should be rising in a little bit for you too!
Because trying to spread fear has worked the past few times something like this happened.

But noooo, you are here as a good saint to warn others about how evil I am, rather than trying to discredit me like several others are actively trying everywhere else.

Go do something constructive instead of accusing people of things they have no involvement with.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
stubeans
Newbie
*
Offline Offline

Activity: 7


View Profile
June 22, 2011, 05:10:27 AM
 #160

Because every (semi-)private channel on the internet is Lulzsec.
and how did you get in that channel to begin with? why do you appear so close to lulzsec members such that you're allowed to freely enter and chat as old friends? with your litany of VPN logins? why so many VPN logins, anyhow? guilty by association? probably? moo? i like question marks?

Quote
Because I totally did not encourage users to change their passwords to something stronger and completely unlike their current password.
You pretend to be a friend, then exploit the info you gather. Isn't that what SE and intel gathering in general is all about?

Quote
Because I am totally a completely evil person whose only mission in life is to gather statistics on passwords that are not used anymore, to throw them into my magical hat and magically get all new passwords and usernames of everyone in the universe!
You may or may not be evil, but you do seem to associate with those online that have less than stellar characters. why?

Quote
Because trying to spread fear has worked the past few times something like this happened.
fear? i'm giving people food for thought. it's obvious that some here need that type of nourishment, no?

Quote
Go do something constructive instead of accusing people of things they have no involvement with.
considering that i'd otherwise be sleeping on a mattress of the highest quality, i think my time this morning has been quite productive!
Pages: « 1 2 3 4 5 6 7 [8] 9 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!