Bitcoin Forum
May 25, 2018, 09:58:30 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
Author Topic: If your Mt. Gox account has been compromised, PLEASE READ.  (Read 34265 times)
Coffee Ninja
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
June 19, 2011, 09:35:29 PM
 #81

Thankfully had not gotten around to setting an account up. Bitcoin seems to be drawing more and more on real world parallels- these are all real issues that any other currency/market/exchange would face. Definitely trial by fire, will be interesting to see how the market reacts over the next few weeks.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1527242310
Hero Member
*
Offline Offline

Posts: 1527242310

View Profile Personal Message (Offline)

Ignore
1527242310
Reply with quote  #2

1527242310
Report to moderator
1527242310
Hero Member
*
Offline Offline

Posts: 1527242310

View Profile Personal Message (Offline)

Ignore
1527242310
Reply with quote  #2

1527242310
Report to moderator
1527242310
Hero Member
*
Offline Offline

Posts: 1527242310

View Profile Personal Message (Offline)

Ignore
1527242310
Reply with quote  #2

1527242310
Report to moderator
agedet
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 19, 2011, 10:19:50 PM
 #82

Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.
SoggyMoggy
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
June 19, 2011, 10:24:37 PM
 #83

Has anybody been able to confirm that their account balances at MtGox are safe? I have a small about of BTC there (ready for sale - more than 1, less than 10). It's only a small amount (as I don't yet trust MtGox) and I moved it there last week.

I am a newbie, and I'm just experimenting with purchases and sales of smaller amounts before investigating the currency further. The recent events at MtGox are indeed troubling... I hope they haven't lost my BTC...
PandaMiner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
June 19, 2011, 10:25:46 PM
 #84

Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.

❘|❘ NEUFUND Re-Imagine ICOs | Connect off- and on-chain with equity tokens | Enjoy risk-free commitment
JOIN THE ICBM | JOIN THE DISCUSSION
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 19, 2011, 10:31:09 PM
 #85

Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.
How do you know Tradehill is any more secure than Mt. Gox?

Quite a lot of people using this opportunity to have people flock to Tradehill (which has no guarantees of being secure either), conveniently including a referal code (which smells a lot like referal spamming.)

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
PandaMiner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
June 19, 2011, 10:35:08 PM
 #86

I heard TradeHill's referral codes use to give 30% discounts, now they are only 10%.

❘|❘ NEUFUND Re-Imagine ICOs | Connect off- and on-chain with equity tokens | Enjoy risk-free commitment
JOIN THE ICBM | JOIN THE DISCUSSION
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
June 19, 2011, 10:45:03 PM
 #87

how the hell do I know tradehill can't get hacked

Be humble!
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Posts: 69


View Profile WWW
June 19, 2011, 10:49:29 PM
 #88

how the hell do I know tradehill can't get hacked
You don't.

There is risk with no insurance.

Welcome to Bitcoin.

Blackhawke
Newbie
*
Offline Offline

Activity: 22
Merit: 0



View Profile WWW
June 19, 2011, 11:19:28 PM
 #89

Anyone tried 1Password? I've been looking at getting that.

Personally I've been using LastPass over over year and am quite happy with it. They also have smart phone apps for all platforms I think. If you're an Android user, there's even a LastPass plugin for the Dolphin web browser.

Just my 2 DoBits. You can keep the change.  Grin
Patrón
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile WWW
June 20, 2011, 12:32:14 AM
 #90

I got a gmail notification about account security compomised, meaning someone attempted to password guess their way through google, meaning my shit was in the leak.

Thankfully I use a different password for erryting.

All my bitcoin/altcoin addresses can be found here. (http://moveco.in/geoff)
Create a list of your easily at http://moveco.in/
joepie91
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
June 20, 2011, 01:38:47 AM
 #91

I got a gmail notification about account security compomised, meaning someone attempted to password guess their way through google, meaning my shit was in the leak.

Thankfully I use a different password for erryting.
I believe a Bitcoin community member that is working for / related to Google, has flagged all the Gmail accounts in the leaked database, to prevent breakins.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Technopope
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 20, 2011, 01:40:50 AM
 #92

How much funds did you lose?

17 BTC and a dollar value of under one dollar.


To what address were your stolen funds sent?

There is no way to check, as I couldn't log in with my email address.


What OS are you using (Windows, Linux, Mac OSX ...)?

Windows 7, all updates current.


How long was your old password?

20 characters.


Was your old password random?

Not random, but generally considered "strong". Certainly not guessable.


Was your username the same on Mt. Gox as on the forum?

This is my first post, having just registered for this topic. Same as DeepBit though...


Did you use your Mt. Gox password somewhere else?

No, but a 10 character variation of it was used at DeepBit. Now changed.


Did your old password contain lowercase letters, uppercase letters, special characters and numbers?

A mix of lowercase and numbers.


Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.

Only GUIMiner v2011-05-21


Please also include a screenshot if possible so we know it's a real report.

No screenshot available, as the MtGox account is inaccessible. I reregistered at MtGox and sent in a ticket describing my situation.
Technopope
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 20, 2011, 02:00:56 AM
 #93


qft

if they are a financial institution, they have to have fraud recovery efforts.  He is trying to be legit, maybe he will come around when he thinks that hey I should have spent the money on security, now i have to pay for the breach.

But MtGox is not a financial institution. It is just a guy who started trading online game items,  (Magic The Gathering Online eXchange) and progressed to BitCoins. 

Hopefully he will and is financially able to do the right thing. If he doesn't try, MtGox as a BitCoin exchange is over. Of course, if things are as bad as some people are hypothesizing, MtGox is finished anyway.

Let's hope things work out.
Technopope
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 20, 2011, 02:31:19 AM
 #94

Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.

Yes, you are on the list, along with your gmail address, number 3419 out of 61,016 users listed at MtGox.

Understand that the passwords are not directly readable, and must be run through some fairly intense computational power to crack. Very similar to the way BitCoins are mined, actually. Takes a *long* time...

However, I had a 20 character password, using both letters and numbers, and exclusive to MtGox. Looks like my email address was changed in my account and I can't log into my account. I have to assume it lost.

Just change all your passwords that are similar and associated with that address.
pharmhero
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 20, 2011, 03:19:25 AM
 #95

First post.

Thankfully I had nothing stolen because I took my coins out just yesterday cause I was afraid MtGox wasn't secure. 

Here is what interested me.  If you look at the leaked list of user accounts it has as the first user jed@thefarwilds.com  Just a little investigative work finds that the first registered user of MtGox is actually Jed McCaleb, creator the the P2P program eDonkey2000! 

What exactly does he have to do with MtGox and what does he know about this.  Was MtGox his coding? I know MtGox stands for "Magic: The Gathering Online Exchange" and Jed's The Far Wilds looks just as dumb.

So is this a coincidence Roll Eyes or does he have something he would like to share with the rest of us?
ErgoOne
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
June 20, 2011, 03:29:41 AM
 #96

1) I'm a brand new Bitcoin user with no Bitcoins.  According to Mt. Gox, my brand new account and password were compromised, but there was nothing for any intruder to steal.

2) Password: 16+ characters, random, upper-case/lower-case letters, numbers, symbols. (I'm anal about passwords.)

3) I do not reuse any passwords on any account that has access to any financial transactions.  This includes bank, payment processor, Bitcoin trading, and any online business where I do business.  I save my passwords in a GPG-encrypted file, keep copies backed up various locations.

4) Mt. Gox currently indicates that the compromise was through the user account of an auditor who has read-only access to the system.  They aren't sure how yet.  My guess is either a spear phish (personalized "phish" email) claiming to be from Mt. Gox, or a trojan with a keylogger that stole their password.

This is scary. :/  However, I"m glad it happened now and not later.  The entire Bitcoin system needs to be made both more secure and more easily usable while secure than it is currently.  I would like to see Bitcoin gain wide acceptance and use outside of the geek world -- the human race needs a digital replacement for cash, and this is the best idea I've seen yet on how to do it.  But I don't see that happening until the security of wallets is ensured (by encrypting them by default), and online trading and payment methods for Bitcoin approach the security of my bank's online banking system.
bc4md
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 20, 2011, 03:30:05 AM
 #97

I had nothing on MT gox thank god but I'm still waiting for a transfer from BC market.  

Either that I'm still having generating block issues.
cconover
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 20, 2011, 04:02:56 AM
 #98

Mt Gox and other Bitcoin markets ought to enable and encourage the use of some form of multi-factor authentication.  I use a Yubikey in conjunction with my Lastpass account (Lastpass generates very strong, unique passwords for every site so I'm not concerned about my Mt Gox password providing access to anything else), and it's a fantastic and open source authentication system.  Since Bitcoin is growing exponentially in usage and legitimacy, trading services should be growing with it and hardening their systems both on the code side, and on the user interaction side.  Many banks offer or require multi-factor authentication, why shouldn't Bitcoin services?
bitcoin.monger
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 20, 2011, 04:25:59 AM
 #99

Regardless how strong your password is, if it's not stored with a strong hashing method on the server it makes no difference. When MtGox was originally launched, it appears it was using MD5 for hashing. This was a very poor decision, MD5 is not secure (although it has been a de-facto standard for years, and change is hard  Smiley ) It appears that lately they have decided to move to something better and offer two-factor authentication etc. Hopefully we will see less incidents in the future.
chr15m
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 20, 2011, 04:51:06 AM
 #100

Just a heads up that someone is sending a lovely .exe trojan to all mtgox users under the guise of "info@mtgox.com" from wiscointl.com.cn - the subject of the email is "[Mt.Gox] Account Certificate Download."

You probably do not want to run the exe.
Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!