Bitcoin Forum
November 19, 2018, 09:03:48 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Hundreds of thousand of bitcointalk accounts hacked  (Read 8492 times)
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 14, 2017, 07:32:06 PM
 #1


Have you noticed the growing number of hacked accounts reported?

The hacker is asking fubly for bitcoin to return his account, saying he bought the account for twice the price he is asking from fubly, here
https://bitcointalk.org/index.php?topic=1702720.0
Where else have i seen that happen recently, oh yes, GreenBits account here,
https://bitcointalk.org/index.php?topic=1785972.40

Or ashapasa's account, turned into a slave account alongside nine other hacked accounts i identified here. (all wearing same sig, getting paid?)
https://bitcointalk.org/index.php?topic=1821083.msg18157257#msg18157257
One of those accounts is getting fake credibility here,
https://bitcointalk.org/index.php?topic=1823355.msg18174976#msg18174976

I even had a hacked account, JohnybBigs, troll me, giving trust to Lauda and Timelord2067 to endear itself to those members, hell, even the OP of that thread is probably hacked here
https://bitcointalk.org/index.php?topic=1733765

Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume.
You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017.
Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here,
https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

This hack has been anticipated for a while now, do admin have a planned response? Are admin doing anything about this problem?

1542661428
Hero Member
*
Offline Offline

Posts: 1542661428

View Profile Personal Message (Offline)

Ignore
1542661428
Reply with quote  #2

1542661428
Report to moderator
1542661428
Hero Member
*
Offline Offline

Posts: 1542661428

View Profile Personal Message (Offline)

Ignore
1542661428
Reply with quote  #2

1542661428
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542661428
Hero Member
*
Offline Offline

Posts: 1542661428

View Profile Personal Message (Offline)

Ignore
1542661428
Reply with quote  #2

1542661428
Report to moderator
1542661428
Hero Member
*
Offline Offline

Posts: 1542661428

View Profile Personal Message (Offline)

Ignore
1542661428
Reply with quote  #2

1542661428
Report to moderator
0xfff
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
March 14, 2017, 07:42:44 PM
 #2

This is a very serious issue. Admins should tell us how these people get hacked.
hilariousandco
Cupper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 1834
Merit: 1364


everithyng will be ok


View Profile
March 14, 2017, 07:47:28 PM
 #3

As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 14, 2017, 07:56:12 PM
 #4

As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it.

Obviously, dormant or unused accounts will likely not have changed their passwords.
That is why i ask "This hack has been anticipated for a while now, do admin have a planned response?"

The standard answer, nothing can be done.
There is plenty that could be done, even at this late stage.

Do you have any figures or guesstimates on hacked account numbers?
hilariousandco
Cupper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 1834
Merit: 1364


everithyng will be ok


View Profile
March 14, 2017, 08:07:46 PM
 #5

I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
NOP@SSWORD
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile
March 14, 2017, 08:12:08 PM
 #6

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.

Edit:
Quote
Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume.
You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017.
Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here,
https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

Most of those accounts are newbies. What are the benefits of hacking newbies?
Lauda
Legendary
*
Offline Offline

Activity: 2030
Merit: 1652


GUNBOT Licenses up to 50% OFF - 'GrumpyKitty'.


View Profile WWW
March 14, 2017, 08:33:50 PM
 #7

I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming.
I've noticed a surge of dormant accounts joining in Bitmixer, all of them shitposting and most of them having the same/similar posting patterns (e.g. inactive since X month, start posting after Y date). I think the OP is at least somewhat correct with his statement.

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.
Doubtful that account farmers activate only when there is Bitcoin news around. Roll Eyes

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
NOP@SSWORD
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile
March 14, 2017, 08:56:36 PM
 #8

I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming.
I've noticed a surge of dormant accounts joining in Bitmixer, all of them shitposting and most of them having the same/similar posting patterns (e.g. inactive since X month, start posting after Y date). I think the OP is at least somewhat correct with his statement.

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.
Doubtful that account farmers activate only when there is Bitcoin news around. Roll Eyes

I mean the bitcoin price is enough to motivate them to posts again.
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 14, 2017, 10:14:49 PM
 #9

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.

Edit:
Quote
Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume.
You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017.
Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here,
https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

Most of those accounts are newbies. What are the benefits of hacking newbies?

No. real owners do not log in in rota.
When hacking, you take what you get?

Did you read this thread from op, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610
Then did you spend more than 5 minutes looking into this?
Added - I'll bring the link here for clarity,

https://bitcointalk.org/index.php?action=profile;u=9000  jakeroxs               0 post    November 24, 2016, 08:47:41 AM
https://bitcointalk.org/index.php?action=profile;u=9003  Micro333              0 post    February 19, 2017, 01:18:36 PM
https://bitcointalk.org/index.php?action=profile;u=9005  Qrr                       2 post    February 19, 2017, 01:28:59 PM
https://bitcointalk.org/index.php?action=profile;u=9009  Trance555             0 post    February 19, 2017, 01:28:07 PM
https://bitcointalk.org/index.php?action=profile;u=9011  twadsworth            0 post   February 19, 2017, 01:16:27 PM
https://bitcointalk.org/index.php?action=profile;u=9012  FictionWobbles333  0 post   February 19, 2017, 01:27:05 PM
https://bitcointalk.org/index.php?action=profile;u=9013  MoodFool333          0 post   February 19, 2017, 01:28:08 PM
https://bitcointalk.org/index.php?action=profile;u=9014  marish                   0 post   February 19, 2017, 01:38:06 PM
https://bitcointalk.org/index.php?action=profile;u=9015  BlackRunner111      0 post   February 19, 2017, 01:15:55 PM
https://bitcointalk.org/index.php?action=profile;u=9016  jhallsworth             0 post    February 19, 2017, 01:28:12 PM
https://bitcointalk.org/index.php?action=profile;u=9020  carter                     0 post   February 19, 2017, 01:20:13 PM

Funny how the price drove 10 of 20 consecutive, really old accounts, who have never posted in years, to all log in on Feb 19, all at 1 o'clock, then not since, don't you think?
You will find many, many more Feb 19 hacked accounts, if you have the time to look.

Did you see https://bitcointalk.org/index.php?action=profile;u=9183
A nice moving avatar, that will have some value.

I hope you give me some credit for my account analysis. I have studied many more than you. many orders of magnitude.
Try 9119, 9142, 9158, 9163, 9171, 9190, 9194.
You will either have to do more study or take my word for it.

Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin.
NOP@SSWORD
Member
**
Offline Offline

Activity: 64
Merit: 10


View Profile
March 15, 2017, 12:35:00 AM
 #10

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.

Edit:
Quote
Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume.
You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017.
Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here,
https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

Most of those accounts are newbies. What are the benefits of hacking newbies?

No. real owners do not log in in rota.
When hacking, you take what you get?

Did you read this thread from op, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610
Then did you spend more than 5 minutes looking into this?
Added - I'll bring the link here for clarity,

https://bitcointalk.org/index.php?action=profile;u=9000  jakeroxs               0 post    November 24, 2016, 08:47:41 AM
https://bitcointalk.org/index.php?action=profile;u=9003  Micro333              0 post    February 19, 2017, 01:18:36 PM
https://bitcointalk.org/index.php?action=profile;u=9005  Qrr                       2 post    February 19, 2017, 01:28:59 PM
https://bitcointalk.org/index.php?action=profile;u=9009  Trance555             0 post    February 19, 2017, 01:28:07 PM
https://bitcointalk.org/index.php?action=profile;u=9011  twadsworth            0 post   February 19, 2017, 01:16:27 PM
https://bitcointalk.org/index.php?action=profile;u=9012  FictionWobbles333  0 post   February 19, 2017, 01:27:05 PM
https://bitcointalk.org/index.php?action=profile;u=9013  MoodFool333          0 post   February 19, 2017, 01:28:08 PM
https://bitcointalk.org/index.php?action=profile;u=9014  marish                   0 post   February 19, 2017, 01:38:06 PM
https://bitcointalk.org/index.php?action=profile;u=9015  BlackRunner111      0 post   February 19, 2017, 01:15:55 PM
https://bitcointalk.org/index.php?action=profile;u=9016  jhallsworth             0 post    February 19, 2017, 01:28:12 PM
https://bitcointalk.org/index.php?action=profile;u=9020  carter                     0 post   February 19, 2017, 01:20:13 PM

Funny how the price drove 10 of 20 consecutive, really old accounts, who have never posted in years, to all log in on Feb 19, all at 1 o'clock, then not since, don't you think?
You will find many, many more Feb 19 hacked accounts, if you have the time to look.

Did you see https://bitcointalk.org/index.php?action=profile;u=9183
A nice moving avatar, that will have some value.

I hope you give me some credit for my account analysis. I have studied many more than you. many orders of magnitude.
Try 9119, 9142, 9158, 9163, 9171, 9190, 9194.
You will either have to do more study or take my word for it.

Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin.

In your example above seems it is own by one owner, I think he is checking his accounts. Look at the pattern of 3 numbers after the word and the "worth" word added at the end. It is not coincidence.

Micro333
Trance555
FictionWobbles333
MoodFool333
BlackRunner111

twadsworth
 jhallsworth
BTCBLOGGER
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
March 15, 2017, 01:56:28 AM
 #11

I remember there was an incident happened when a Ponzi mining site cloudminr leaked its data [username, password] for btc at that time many accounts were hacked and I'm able to restore few of them and the grtthegreat was the one of them. someone is trying to sell it but before that i logged into that account and helped him to get his account back at that time I also takeover some accounts but no one claimed that back from me.
I still have those accounts and waiting for their owners to get them back.

https://bitcointalk.org/index.php?topic=1120107.msg11864925#msg11864925
https://bitcointalk.org/index.php?topic=1120052.msg11864392#msg11864392

can i sell them if no one claims them back? Grin
DomainMagnate
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500



View Profile WWW
March 15, 2017, 11:09:25 AM
 #12

As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it.
The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose.
This message keeps people away from trading with such users.
I hope this feature is not available in new forum.
minifrij
Legendary
*
Offline Offline

Activity: 1764
Merit: 1067



View Profile WWW
March 15, 2017, 11:15:59 AM
 #13

The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose.
This message keeps people away from trading with such users.
I hope this feature is not available in new forum.
It doesn't stop you doing anything. So long as you can sign a message from an old staked address there is no reason why you shouldn't be able to change your password.
BitHodler
Legendary
*
Offline Offline

Activity: 1078
Merit: 1078


View Profile
March 15, 2017, 02:09:12 PM
 #14

The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose.
This message keeps people away from trading with such users.
I hope this feature is not available in new forum.
It doesn't stop you doing anything. So long as you can sign a message from an old staked address there is no reason why you shouldn't be able to change your password.
In cases of hacked accounts, a signed message from an old staked address is more than enough, that's right. But in case of account sales, nowadays accounts get sold with the private keys connected to the staked address.

From there it will be very difficult to know whether or not you're really dealing with the person you are supposed to deal with. Especially when the account has been kept active in the exact same manner it was before the sale.

erpbridge
Legendary
*
Offline Offline

Activity: 956
Merit: 1000


View Profile
March 15, 2017, 10:33:07 PM
 #15

As far as I'm aware people are getting their accounts hacked because they didn't change their account passwords after the data breach and unfortunately there's not much that can be done about it if they don't. There will be several forms of 2-factor auth on the new forum so helpfully that will prevent future issues if people use it.

Was this because of the cloudfare breach or the breach that happened last year ? I remember seeing a list of accounts that was hacked last year, was there another one after that ?
minifrij
Legendary
*
Offline Offline

Activity: 1764
Merit: 1067



View Profile WWW
March 15, 2017, 10:57:15 PM
 #16

But in case of account sales, nowadays accounts get sold with the private keys connected to the staked address.
From there it will be very difficult to know whether or not you're really dealing with the person you are supposed to deal with. Especially when the account has been kept active in the exact same manner it was before the sale.
That's a problem with the forum's policy on account sales. There is little else you can do other than ask for some other information only the original owner would know (E.G a dox). This relies on the previous owner being something other than an account farmer though, which could prove to be difficult.

Was this because of the cloudfare breach or the breach that happened last year ? I remember seeing a list of accounts that was hacked last year, was there another one after that ?
No. The breach on Bitcointalk happened in May 2015 IIRC, and was a result of an internal problem with the hosting provider. I don't believe that Bitcointalk has ever used Cloudflare.
achow101
Staff
Legendary
*
Offline Offline

Activity: 1582
Merit: 1751


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
March 16, 2017, 12:09:02 AM
 #17

It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.

Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse.

Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk.

rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 18, 2017, 01:17:19 PM
 #18

Most of those accounts are newbies. What are the benefits of hacking newbies?

Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.
https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586

No. real owners do not log in in rota
https://bitcointalk.org/index.php?action=profile;u=9000  jakeroxs               0 post    November 24, 2016, 08:47:41 AM
https://bitcointalk.org/index.php?action=profile;u=9003  Micro333              0 post    February 19, 2017, 01:18:36 PM
https://bitcointalk.org/index.php?action=profile;u=9005  Qrr                       2 post    February 19, 2017, 01:28:59 PM
https://bitcointalk.org/index.php?action=profile;u=9009  Trance555             0 post    February 19, 2017, 01:28:07 PM
https://bitcointalk.org/index.php?action=profile;u=9011  twadsworth            0 post   February 19, 2017, 01:16:27 PM
https://bitcointalk.org/index.php?action=profile;u=9012  FictionWobbles333  0 post   February 19, 2017, 01:27:05 PM
https://bitcointalk.org/index.php?action=profile;u=9013  MoodFool333          0 post   February 19, 2017, 01:28:08 PM
https://bitcointalk.org/index.php?action=profile;u=9014  marish                   0 post   February 19, 2017, 01:38:06 PM
https://bitcointalk.org/index.php?action=profile;u=9015  BlackRunner111      0 post   February 19, 2017, 01:15:55 PM
https://bitcointalk.org/index.php?action=profile;u=9016  jhallsworth             0 post    February 19, 2017, 01:28:12 PM
https://bitcointalk.org/index.php?action=profile;u=9020  carter                     0 post   February 19, 2017, 01:20:13 PM

Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin.

In your example above seems it is own by one owner, I think he is checking his accounts. Look at the pattern of 3 numbers after the word and the "worth" word added at the end. It is not coincidence.

Micro333
Trance555
FictionWobbles333
MoodFool333
BlackRunner111

twadsworth
 jhallsworth

I agree this example does possibly show a bunch of farmed accounts, However they are still hacked.
If you continue clicking through u=# from 9020, you will keep finding time rota Feb 19 log-in accounts.
What of " https://bitcointalk.org/index.php?action=profile;u=9183 A nice moving avatar" is he no hacked, just "the farmer checking in"?

Did you read/understand this previous link  https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

Quote
All Feb 19 accounts (shown here) "reactivated" within 25 minutes.
(there is a shed load of other feb 19 "reactivations" elsewhere, look at u=2000 - 2020 @11.00am, or u=3000 onward @11.30am, or u=4000 onward @11.45am, or u=7000 onward @ 12.00pm, or u=8000 onward @1.15pm for example, a clear timeline pattern) - edited for more clarity.

Can you see the connection to all these other accounts log-in in time rota? (you will have to do some clicking)

----------------

It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.

Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse.

Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk.

Either someone has "got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts " or it is an inside job.

"Another possibility is that some site Bitcoin related was hacked.." that is highly unlikely to account for the mass "systemic hack" we are seeing here.

"Unfortunately the forum can't really do much" Same as hilarious said.
Several hundred thousand accounts "systemically hacked" - admin do not even respond.



hilariousandco
Cupper Member
Global Moderator
Legendary
*
Offline Offline

Activity: 1834
Merit: 1364


everithyng will be ok


View Profile
March 18, 2017, 01:43:01 PM
 #19

Most of those accounts are newbies. What are the benefits of hacking newbies?

Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.
https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586



That boomin guy is the latest (caught) alt of MariusTi aka steamproject aka tberty aka Dorkslayz etc etc who uses an army of dozens of alts to fake vouch or spam bump his threads of torrent invites (and he's probably had around a 100 banned). He either has a massive stockpile of them or buys them from account sellers but I'm more inclined to believe that he has just farmed/created them himself as there's a lot that were just used to make one or two posts to bump/vouch for his thread then discarded, though some of the older ones recently came back to life and started selling the torrent invites when a lot of his other accounts got found out and banned. This behaviour with him has been going on for years with him and not just on this forum either as he's been banned from numerous forums and never learns.


      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 18, 2017, 03:26:34 PM
 #20

Most of those accounts are newbies. What are the benefits of hacking newbies?
Take a look at this thread where these newbie hacked accounts are used for trust farming/false trading.
https://bitcointalk.org/index.php?topic=1793966.msg18067586#msg18067586
That boomin guy is the latest (caught) alt of MariusTi aka steamproject aka tberty aka Dorkslayz etc etc who uses an army of dozens of alts to fake vouch or spam bump his threads of torrent invites (and he's probably had around a 100 banned). He either has a massive stockpile of them or buys them from account sellers but I'm more inclined to believe that he has just farmed/created them himself as there's a lot that were just used to make one or two posts to bump/vouch for his thread then discarded, though some of the older ones recently came back to life and started selling the torrent invites when a lot of his other accounts got found out and banned. This behaviour with him has been going on for years with him and not just on this forum either as he's been banned from numerous forums and never learns.

So you basically just agree that hacking (old) newbie accounts do have benefits for scammer's, and illustrating those benefits to scammer's.

Steamproject ran his thread nearly 2 years on bct. What exactly was he supposed to "learn" from that?
If he "just farmed/created them himself" he must have been around since July 31, 2010, 07:44:15 PM https://bitcointalk.org/index.php?action=profile;u=657

Weather or not Steamproject farmed those accounts himself or hacked them or bought them is a different topic, probably known alts thread.
The fact remains that hundred's of thousands of accounts are "hacked" by someone.
bct members are left in the dark over the scale of this, while mods say there is nothing that can be done, admin haven't even responded.

------added before any reply after 1 reply i just spotted next page, sorry!------

I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't.

I should respond here too.
You have no idea how many accounts have been compromised, Yet somehow "auto conclude" i'm wrong?

You compare "auto locked" accounts with "systemically hacked" account's, but they are not hacked in the same way. (afaik)
Security question accounts are by default "locked out" till staff action, while systemically (password) hacked accounts are by default "allowed in" until staff action?

You go on about those "auto locked" members weeping like widows, when many have clear proof but still have to wait for months for any action to be taken, then use the damnation of your (staff/admin) inaction's on restoring those few "auto locked" accounts as reason why you can't do anything about 100,000's of completely differently identifiable "systemically (password) hacked" accounts. Correct?

Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!