Mr2001
Newbie
Offline
Activity: 42
Merit: 0
June 21, 2011, 05:43:45 PM
I am too. The password for this account is invalid, or this account is not currently under claim process. Same here. My account was compromised before mtgox shut down (password changed and email erased), were yours too?

MBH
Newbie
Offline
Activity: 51
Merit: 0
June 21, 2011, 05:49:42 PM
Still, it is taking an UNBELIEVABLY long time to fix this problem.
Mr. "MagicalTux" should have hired some more people or brought some talented executive into his organization before this point to be able to restore confidence. Some kind of announcement like "we are bringing in this experienced, talented financial service expert/executive to help run our exchange because we have realized we can't do it right."
He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency. Something like this security breach should have been resolved in HOURS, NOT DAYS. This is a major unforgivable failure and all you posters seeing it any other way must have ZERO experience in dealing with stocks, bonds, currency, and other exchanges/financial services companies. Imagine if a sovereign nation's currency exchange went down for a week. Or your bank sent you an e-mail saying "someone got $1000 taken from their online banking account, so no one can withdraw or deposit money until next week". Amateur, unforgivable bullshit. No excuses, Tux needs to get professional help. I rest my case.
I was involved in a few Disaster Recovery (DR) situations for customers before and I know the amount of pressure admins and businesses are put under during that time. Believe me, in such cases, the last thing you want is for the business/admins to waste their time looking for PR rather than work non-stop on recovering the systems to a secure state. The fact that MagicalTux isn't around means that he's busy with the admins getting things together. They keep updating their blog post and that's good enough for such situations. This is similar to how Amazon handles its EC2 cloud services when there are disruptions: update every now & then while focusing on recovering the systems.

Technopope
Newbie
Offline
Activity: 10
Merit: 0
June 21, 2011, 06:25:22 PM
Still, it is taking an UNBELIEVABLY long time to fix this problem.
...
He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency. Something like this security breach should have been resolved in HOURS, NOT DAYS.
Resolved in hours? You mean like the Sony Playstation Network hack? The fact that it hasn't been resolved in hours is a positive thing. We really don't want a *quick* fix for this situation, we want a *secure* fix. The MtGox system was hacked, with funds and secure data stolen. Over 61,000 users have had their email and password publicly posted on the internet. While those passwords are encrypted, they are certainly breakable given some time. Every user will need to have his account validated and a new password assigned before being able to access that account, with 61,000 users, that will take some time. You also seem to be confusing MtGox with a real financial institution. It is not. MtGox started out as "Magic The Gathering Online eXchange", trading online game items. It has no backing (much like BitCoin itself) and no official guarantees (again, like BitCoin). I'm sure "he" is doing the best he can given the situation, it looks like every effort is being made to get us back to our accounts and back to business.

snorbit
Newbie
Offline
Activity: 6
Merit: 0
June 21, 2011, 08:24:20 PM
I completed the claim process earlier and I was told "Your account recovery request is pending review by our staff."
I wonder how long that will take?

Blinken
June 21, 2011, 09:02:54 PM
What does MagicalTux say about this?
Uh, what does he say? Here are some possibilities: "thanks for the money" "hasta la vista" "in japan the hand can be used like a knife" "please fill out the 6-page reimbursement form on page 32A of our user agreement and email it to /dev/null" "anybody know good vacation spots?" "i have been learning parasailing" "want to see my new Boxster? it's red!" "Je ne parle qu'un le francais" "the Japanese legal system is fascinating" "i am accepting a new position as chief financial advisor to President Mugabe"
Bitcoin ♦♦♦ Trust in Mathematics, Not Bankers ♦♦♦

BITCOINCANADA
Newbie
Offline
Activity: 5
Merit: 0
June 21, 2011, 09:04:22 PM
thanks for posting this information

holgero
Newbie
Offline
Activity: 21
Merit: 0
June 21, 2011, 11:34:34 PM
The password for this account is invalid, or this account is not currently under claim process. Same here. What's that supposed to mean? Has the claim site been hacked?

hiponion
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 12:21:16 AM
arghh would be funny...but not really in the mood to laugh right now

Mr2001
Newbie
Offline
Activity: 42
Merit: 0
June 22, 2011, 12:34:15 AM
The password for this account is invalid, or this account is not currently under claim process. Same here. What's that supposed to mean? Has the claim site been hacked?
The form now has a check box to say you forgot your password. I was finally able to submit a claim after checking that box. I guess I was getting the message because someone changed my password.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 12:41:41 AM
And now? I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions: * How much funds did you lose? * To what address were your stolen funds sent? * What OS are you using (Windows, Linux, Mac OSX ...)? * How long was your old password? * Was your old password random? * Was your username the same on Mt. Gox as on the forum? * Did you use your Mt. Gox password somewhere else? * Did your old password contain lowercase letters, uppercase letters, special characters and numbers? * Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc. * Please also include a screenshot if possible so we know it's a real report.
let's think this out. if you are someone with access to the Mt. Gox data, including usernames and password hashes, wouldn't the bolded information be particularly useful for said individuals to bruteforce crack and abuse? there is zero reason why anyone would need to disclose this type of information on a public forum, and even less reason why anybody would ask of this type of data. why do you ask for specific data on the length of passwords, whether they were random, the character types contained, and whether their username is the same on here as on Mt. Gox? furthermore, the request for OS type, bitcoin software and a screenshot of their account info? are you looking for direct targets to hack? this, to me at least, screams of someone trying to social engineer more lulz and/or theft from data in their possession.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 12:57:03 AM
for added info on JoePie91 - https://twitter.com/#!/TeaMp0isoN_ and there are allegations that lulzsec is behind the Mt. Gox hack. consider that info, then consider how unusual the initial post is.

joepie91 (OP)
June 22, 2011, 03:26:05 AM
And now? I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions: * How much funds did you lose? * To what address were your stolen funds sent? * What OS are you using (Windows, Linux, Mac OSX ...)? * How long was your old password? * Was your old password random? * Was your username the same on Mt. Gox as on the forum? * Did you use your Mt. Gox password somewhere else? * Did your old password contain lowercase letters, uppercase letters, special characters and numbers? * Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc. * Please also include a screenshot if possible so we know it's a real report.
let's think this out. if you are someone with access to the Mt. Gox data, including usernames and password hashes, wouldn't the bolded information be particularly useful for said individuals to bruteforce crack and abuse? there is zero reason why anyone would need to disclose this type of information on a public forum, and even less reason why anybody would ask of this type of data. why do you ask for specific data on the length of passwords, whether they were random, the character types contained, and whether their username is the same on here as on Mt. Gox? furthermore, the request for OS type, bitcoin software and a screenshot of their account info? are you looking for direct targets to hack? this, to me at least, screams of someone trying to social engineer more lulz and/or theft from data in their possession.
for added info on JoePie91 - https://twitter.com/#!/TeaMp0isoN_ and there are allegations that lulzsec is behind the Mt. Gox hack. consider that info, then consider how unusual the initial post is.
Wow, you registered just to try and discredit me? Let's start with the password information. First off, the very first thing that is recommended in the post is to change passwords, not reuse passwords and use a password with a different length. The reason I ask for this information is to find out what possible attack vectors were for compromised accounts. Second off, adding the questions about whether someone reused username or password elsewhere was on request of someone else (on IRC I believe). Then the OS information. Yet again, this was to determine what attack vectors could have been used. If people using non-Windows systems, for example, got compromised as well, that would make a keylogger and/or other malware very unlikely. Then on to the software. It's a bit sad I even have to explain this - obviously the question is whether the compromise may be due to Bitcoin-related software that someone has been running, that may have had malware attached to it.
Then the screenshot. The very line about the screenshot says it all. If you would have been involved in the community here even a bit (instead of registering a new account after Googling joepie91 or however you may have ended up here), you would have known that there were already several reports when this thread was made, and that their validity was disputed (was it a ploy by Tradehill? Or another exchange? Or was it people trying to discredit Bitcoin? etc etc). So obviously the next question is a screenshot to prove that it happened. Seeing as a screenshot does not have to contain anything besides the record of it being transferred away, this is not a problem privacy- or security-wise. It cannot even be used to track it back to other addresses from the same person, as coins going through Mt. Gox get mangled up. Then the "looking for direct targets to hack" claim. I am a programmer / webdev, and not a cracker (which is the correct term for what you are talking about). My greatest "cracking" achievement to date is finding a vulnerability in Mt. Gox that makes use of a combination of two known techniques to compromise accounts with passwords with less than 6 characters (a vulnerability that I have, after days, STILL not received a response about from MagicalTux). I have absolutely no fucking clue whatsoever how to SQLi a site in such a way that I can actually do something - my knowledge ends at ' OR 1=1. Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parroting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.
Second off, there can be a million allegations of Lulzsec "being behind the Mt. Gox hack" - however, not only is that highly improbable (why would they fuck around with something they like and actively use?), but also is there absolutely zero proof whatsoever that that is the case. Innocent until proven guilty and all that. Now consider the postcount of said user stubeans, consider his signup date, consider his countless allegations without any facts to support it (except for other alleged 'facts' that were themselves never proven), consider his hostile attitude, consider how he blindly copies the two capital letters in my nickname from a Twitter feed despite me not using any capital letters anywhere (indicating he has no idea who I actually am, and has never seen me anywhere before). And now consider how unusual and full of bullshit said user is. Seriously, go back to your troll cave.
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 03:48:38 AM
Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parroting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.
http://www.pastebin.com/QZXBCBYt
let's check the list - topiary - check sabu - check Joepie - check
Jun 03 21:04:01 <tflow> http://pastebin.com/kixK4rfu
Jun 03 21:04:13 <tflow> blackhat seo, trying to capitilize on lulzsec lol
Jun 03 21:04:21 <tflow> but how the fk did it get 18k views
Jun 03 21:06:47 <joepie91_laptop> tflow
Jun 03 21:06:50 <joepie91_laptop> proxy view increaser
Jun 03 21:06:53 <joepie91_laptop> or similar tools
Jun 03 21:07:02 <joepie91_laptop> http://www.sven-slootweg.nl/downloads
Jun 03 21:07:05 <joepie91_laptop> I have a really crappy one
Jun 03 21:07:09 <joepie91_laptop> that I made for someone a long time ago
hope you are having a good morning! the log is quite entertaining.

joepie91 (OP)
June 22, 2011, 04:13:38 AM
Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parroting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.
http://www.pastebin.com/QZXBCBYt
let's check the list - topiary - check sabu - check Joepie - check
Jun 03 21:04:01 <tflow> http://pastebin.com/kixK4rfu
Jun 03 21:04:13 <tflow> blackhat seo, trying to capitilize on lulzsec lol
Jun 03 21:04:21 <tflow> but how the fk did it get 18k views
Jun 03 21:06:47 <joepie91_laptop> tflow
Jun 03 21:06:50 <joepie91_laptop> proxy view increaser
Jun 03 21:06:53 <joepie91_laptop> or similar tools
Jun 03 21:07:02 <joepie91_laptop> http://www.sven-slootweg.nl/downloads
Jun 03 21:07:05 <joepie91_laptop> I have a really crappy one
Jun 03 21:07:09 <joepie91_laptop> that I made for someone a long time ago
hope you are having a good morning! the log is quite entertaining.
and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel.
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 04:30:08 AM
and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. which refutes what, exactly? the entire chat log repeats the need for secrecy, as well as trusting no one outside the group of (privileged) individuals chatting in that room. connecting the dots is easy, and if a simpleton like me can follow the trail i'm sure others can too. clearly, you're a smart man. you glanced at my post count and correctly guessed that i registered in order to warn fellow bitcoin users to be mindful of those trying to 'help,' all the while requesting or SEing information that could compromise their online accounts. the info you requested in your OP is so blatantly fishing for information that i thought it'd be wise to highlight that. seriously - asking if a compromised account contained passwords constituted of random characters and/or numbers, its length and Mt. Gox username? how bold! capt. stu is out and should get some rest. shouldn't you, Joepie? the sun should be rising in a little bit for you too!

joepie91 (OP)
June 22, 2011, 04:44:48 AM
and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. which refutes what, exactly? the entire chat log repeats the need for secrecy, as well as trusting no one outside the group of (privileged) individuals chatting in that room. connecting the dots is easy, and if a simpleton like me can follow the trail i'm sure others can too. Because every (semi-)private channel on the internet is Lulzsec. clearly, you're a smart man. you glanced at my post count and correctly guessed that i registered in order to warn fellow bitcoin users to be mindful of those trying to 'help,' all the while requesting or SEing information that could compromise their online accounts.
Because I totally did not encourage users to change their passwords to something stronger and completely unlike their current password. the info you requested in your OP is so blatantly fishing for information that i thought it'd be wise to highlight that. seriously - asking if a compromised account contained passwords constituted of random characters and/or numbers, its length and Mt. Gox username? how bold!
Because I am totally a completely evil person whose only mission in life is to gather statistics on passwords that are not used anymore, to throw them into my magical hat and magically get all new passwords and usernames of everyone in the universe! capt. stu is out and should get some rest. shouldn't you, Joepie? the sun should be rising in a little bit for you too!
Because trying to spread fear has worked the past few times something like this happened. But noooo, you are here as a good saint to warn others about how evil I am, rather than trying to discredit me like several others are actively trying everywhere else. Go do something constructive instead of accusing people of things they have no involvement with.
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 05:10:27 AM
Because every (semi-)private channel on the internet is Lulzsec. and how did you get in that channel to begin with? why do you appear so close to lulzsec members such that you're allowed to freely enter and chat as old friends? with your litany of VPN logins? why so many VPN logins, anyhow? guilty by association? probably? moo? i like question marks? Because I totally did not encourage users to change their passwords to something stronger and completely unlike their current password. You pretend to be a friend, then exploit the info you gather. Isn't that what SE and intel gathering in general is all about? Because I am totally a completely evil person whose only mission in life is to gather statistics on passwords that are not used anymore, to throw them into my magical hat and magically get all new passwords and usernames of everyone in the universe! You may or may not be evil, but you do seem to associate with those online that have less than stellar characters. why? Because trying to spread fear has worked the past few times something like this happened. fear? i'm giving people food for thought. it's obvious that some here need that type of nourishment, no? Go do something constructive instead of accusing people of things they have no involvement with.
considering that i'd otherwise be sleeping on a mattress of the highest quality, i think my time this morning has been quite productive!

osborn_20
June 22, 2011, 05:19:41 AM
Last 2 days I receive tons of email like this
Dear Mt.Gox user,
Our database has been compromised, including your email...
The joke about, I've never registered to Mt. Gox. Is Mt. Gox in collaboration with this forum? Or any official Bitcoin site? If playing world of warcraft taught me anything is that you can't trust any link coming from an Email anymore. Every email address can be faked, the only way to be sure is to read the headers. Am starting to hate being paranoid to everything online. Only way to find some rest is with linux.

MrAnderson
Member
Offline
Activity: 81
Merit: 10
June 22, 2011, 07:54:49 AM
Now that mtgox closed their exchange, how can I tell if I got hacked?
I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?
EDIT: Google Mail just asked me to verify myself due to suspicious activity. I did use the same 9 char. password as my email on mtgox.
I'm scared.
Yes, you are on the list, along with your gmail address, number 3419 out of 61,016 users listed at MtGox. Understand that the passwords are not directly readable, and must be run through some fairly intense computational power to crack. Very similar to the way BitCoins are mined, actually. Takes a *long* time... However, I had a 20 character password, using both letters and numbers, and exclusive to MtGox. Looks like my email address was changed in my account and I can't log into my account. I have to assume it's lost. Just change all your passwords that are similar and associated with that address.
Is this the 61k email logins leaked by Lulzsec?
>>> 1BcfL1QAZsxtpd92YYsbvDyih45mwA9xSo << Willing to endure the cringe-worthy Australian stereotypes for donations. I'll wrestle a crocodile, show you my knife, throw shrimp on the BBQ, F**k your wife.

stubeans
Newbie
Offline
Activity: 7
Merit: 0
June 22, 2011, 10:52:54 AM
I consider myself a purveyor of only the finest newspapers throughout the land. So lo and behold when I launch the Guardian today and see this article on my iPad - http://www.guardian.co.uk/technology/2011/jun/21/lulzsec-hacker-group-who-belongs
The group is small – less than 10 or so. (This is confirmed separately by security researcher Rik Ferguson of Trend Micro, who comments that "it seems to be a tight-knit group – it only needs to be a few people, since all they need is a Twitter account and a web page. There's no evidence that they're a particularly sophisticated group.)
The members, according to Imperva:
• "Sabu" – HBgary hacker. Seems to be the leader.
• "Nakomis" – Coder, rumoured to be one of coders of the PHPBB bulletin board.
• "Topiary" – handles finance, such as donations and payment for services (eg botnets)
• "Tflow" – Hacker. (Rumoured.)
• "Kayla" – Hacker. Owns a big botnet.
• "Joepie91" – Website admin.
• "Avunit" - No more detail.
From hacker discussion forums, it seems they might get arrested as soon as many "real world" details on their identities get revealed, suggests Tal Be'ery.
I'm outraged they capitalized Joepie's handle, when clearly it isn't. This will be resolved, I swear!