Bitcoin Forum
Topic: Hundreds of thousands of bitcointalk accounts hacked
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 30, 2017, 08:05:45 PM
 #41

It looks like we may have a step in the right direction here:
https://bitcointalk.org/index.php?topic=1842839.0

Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort.

Check out his trust profile.

Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane!
https://bitcointalk.org/seclog.php

So now all can see, yet can do nothing.

The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default.
It should be clear by now how easy it is to identify these accounts, and locking could easily be automated.

Does anyone else think admin should let us know their plan of action, if they have a plan of action.
Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.




Chris!
Legendary
*
Offline Offline

Activity: 1022
Merit: 1007



View Profile
March 30, 2017, 10:06:38 PM
 #42

It looks like we may have a step in the right direction here:
https://bitcointalk.org/index.php?topic=1842839.0

Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort.

Check out his trust profile.

Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane!
https://bitcointalk.org/seclog.php

So now all can see, yet can do nothing.

The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default.
It should be clear by now how easy it is to identify these accounts, and locking could easily be automated.

Does anyone else think admin should let us know their plan of action, if they have a plan of action.
Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.






It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that.

What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...
rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
March 31, 2017, 07:16:54 PM
 #43

It looks like we may have a step in the right direction here:
https://bitcointalk.org/index.php?topic=1842839.0

Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort.

Check out his trust profile.

Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane!
https://bitcointalk.org/seclog.php

So now all can see, yet can do nothing.

The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default.
It should be clear by now how easy it is to identify these accounts, and locking could easily be automated.

Does anyone else think admin should let us know their plan of action, if they have a plan of action.
Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.

It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that.

What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...

In my post on the last page I exampled accounts logging in in rota on Feb 19. I assume this was their "wake up".
If you take my random samples as an average, around 3000 accounts "woke up" on that day, all between u=0 and u=10,000.
I have previously posted instructions on how admin can preserve all necessary evidence for all time, or prove themselves negligent,
so admin should know the real figures and dates.
What other internet site would not even respond to "concerned" members on such a relevant topic?

What to do now? Like you said, not much we can do unaided.
Am I supposed to just STFU, again?

Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?
Lauda
Legendary
*
Offline Offline

Activity: 1974
Merit: 1596




View Profile WWW
March 31, 2017, 07:59:35 PM
 #44

In my post on the last page I exampled accounts logging in in rota on Feb 19. I assume this was their "wake up".
I would argue that the "wake up" is actually useless and a 'fake' gesture. It doesn't do anything besides confirming what we already knew; it doesn't help the admins either as it is trivial for them to detect this.

What to do now? Like you said, not much we can do unaided.
Am I supposed to just STFU, again?
What did they tell you the last time, 'find a new hobby' or something?

Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?
You're asking the real questions.

not.you
Legendary
*
Offline Offline

Activity: 1703
Merit: 1017


View Profile
April 01, 2017, 12:46:10 AM
 #45

So when was this data breach?  I think I changed my password like a year ago or so, do I need to change it again?
Chris!
Legendary
*
Offline Offline

Activity: 1022
Merit: 1007



View Profile
April 01, 2017, 01:03:51 AM
 #46

It looks like we may have a step in the right direction here:
https://bitcointalk.org/index.php?topic=1842839.0

Maybe someone saw your post and did something about it. Maybe it was a plan the whole time. Who knows since I can't seem to find an announcement of any sort.

Check out his trust profile.

Holy crap! Look how many brand new accounts from 2011-2013 are "waking up" this is insane!
https://bitcointalk.org/seclog.php

So now all can see, yet can do nothing.

The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default.
It should be clear by now how easy it is to identify these accounts, and locking could easily be automated.

Does anyone else think admin should let us know their plan of action, if they have a plan of action.
Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.

It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, Maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that.

What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...
Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?

*Adjusts tinfoil hat* I am seemingly rational, aren't I?

I don't know. I just don't understand it. I'm looking into that post you mentioned now to understand the context of your post.

So when was this data breach?  I think I changed my password like a year ago or so, do I need to change it again?

2015 so you should be fine.
kenesu
Full Member
***
Offline Offline

Activity: 262
Merit: 100


View Profile
April 01, 2017, 09:40:12 AM
 #47


Have you noticed the growing number of hacked accounts reported?

The hacker is asking fubly for bitcoin to return his account, saying he bought the account for twice the price he is asking from fubly, here
https://bitcointalk.org/index.php?topic=1702720.0
Where else have I seen that happen recently, oh yes, GreenBits account here,
https://bitcointalk.org/index.php?topic=1785972.40

Or ashapasa's account, turned into a slave account alongside nine other hacked accounts I identified here. (all wearing same sig, getting paid?)
https://bitcointalk.org/index.php?topic=1821083.msg18157257#msg18157257
One of those accounts is getting fake credibility here,
https://bitcointalk.org/index.php?topic=1823355.msg18174976#msg18174976

I even had a hacked account, JohnybBigs, troll me, giving trust to Lauda and Timelord2067 to endear itself to those members, hell, even the OP of that thread is probably hacked here
https://bitcointalk.org/index.php?topic=1733765

Thousands of accounts appear to have been hacked recently. Admin will know the true figure, I assume.
You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active March 1st 2017.
Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here,
https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610

This hack has been anticipated for a while now, do admin have a planned response? Are admin doing anything about this problem?


OMG  Shocked
This is a really serious problem and needs to be attended to. I guess they must add additional security here, for example a combination of 4 numbers, to avoid hacking of accounts.  Lips sealed
Chris!
Legendary
*
Offline Offline

Activity: 1022
Merit: 1007



View Profile
April 01, 2017, 02:30:56 PM
 #48

OMG  Shocked
This is a really serious problem and needs to be attended to. I guess they must add additional security here, for example a combination of 4 numbers, to avoid hacking of accounts.  Lips sealed

I'm assuming you're talking about 2FA. The problem is that older accounts are getting hacked so 2FA still wouldn't be set up on them. It seems like a lot of emails must be hacked with the accounts too if you look at the seclog so essentially it'd be useless for this particular problem. It would be good for us though. I heard the new forum should have it.
alexius89-2
Full Member
***
Offline Offline

Activity: 201
Merit: 103



View Profile
April 03, 2017, 03:51:43 AM
 #49

Mine got hacked as well, any idea what to do? I do not receive any email to create a new password...

actual account: https://bitcointalk.org/index.php?action=profile;u=96934
Lauda
Legendary
*
Offline Offline

Activity: 1974
Merit: 1596




View Profile WWW
April 14, 2017, 09:58:56 AM
 #50

This is really annoying:
https://bitcointalk.org/index.php?action=profile;u=92798;sa=showPosts;start=40
https://bitcointalk.org/index.php?action=profile;u=162087;sa=showPosts;start=40
https://bitcointalk.org/index.php?action=profile;u=161195;sa=showPosts;start=40
https://bitcointalk.org/index.php?action=profile;u=90490;sa=showPosts;start=40
https://bitcointalk.org/index.php?action=profile;u=136967;sa=showPosts;start=0

It is very clear that the same person/group of people are behind these hacked accounts. It is also a possibility that they are using a bot to spam these one liners. However, Bitcointalk staff doesn't do anything. Maybe they will receive a 7 day ban. Roll Eyes

Chris!
Legendary
*
Offline Offline

Activity: 1022
Merit: 1007



View Profile
April 15, 2017, 07:51:46 PM
 #51

It is very clear that the same person/group of people are behind these hacked accounts. It is also a possibility that they are using a bot to spam these one liners. However, Bitcointalk staff doesn't do anything. Maybe they will receive a 7 day ban. Roll Eyes

There are so many obvious things that should be done. Hacked accounts get banned until the original owner can prove it's theirs. All accounts that didn't change their passwords after 2015 get locked until confirmed (via a script obviously. Log in with the same IP = unlocked).

Why do the mods keep these massive spam threads open still? If there are 1000 answers over a month the OP obviously doesn't care if you think gambling is good or bad anymore or if you think satoshi will ever be found. I find that I see less spammers because I just don't look at those threads. They all flock to them because it's so easy to blend in and spam.

I'm sure there are better ideas too but that's what I've come up with off the top of my head.
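
The lock-and-unlock rule proposed in the post above, sketched as an added example (not part of the original post and not forum code). The `Account` fields, the cutoff date and the sample records are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumption: "didn't change their passwords after 2015" is read as
# "password last changed before 1 January 2016".
BREACH_CUTOFF = date(2016, 1, 1)


@dataclass
class Account:
    uid: int
    password_changed: date
    # IPs this account logged in from before the cutoff (hypothetical field;
    # a real forum would derive it from its own login history).
    known_ips: set = field(default_factory=set)
    locked: bool = False
    must_reset: bool = False


def lock_stale_accounts(accounts, cutoff=BREACH_CUTOFF):
    """Lock every account whose password predates the cutoff; return their uids."""
    locked = []
    for acct in accounts:
        if acct.password_changed < cutoff:
            acct.locked = True
            locked.append(acct.uid)
    return locked


def handle_login(acct, ip, password_ok):
    """Return 'denied', 'ok', 'unlocked' or 'recovery_required' for one attempt."""
    if not password_ok:
        return "denied"
    if not acct.locked:
        acct.known_ips.add(ip)
        return "ok"
    if ip in acct.known_ips:
        # Same IP as before the breach: unlock, but the old password is still
        # in the leaked set, so force a change before anything else.
        acct.locked = False
        acct.must_reset = True
        return "unlocked"
    # A correct password from an unseen IP is what a cracked hash looks like:
    # do not learn the new IP, send the owner through manual recovery.
    return "recovery_required"


def demo():
    # Constructed sample data: made-up uids, documentation-range IPs.
    accounts = [
        Account(101, date(2013, 5, 2), {"192.0.2.10"}),
        Account(102, date(2014, 11, 20), {"198.51.100.7"}),
        Account(103, date(2016, 8, 1), {"203.0.113.5"}),
    ]
    locked = lock_stale_accounts(accounts)
    results = [
        handle_login(accounts[0], "192.0.2.10", True),     # owner, old IP
        handle_login(accounts[1], "203.0.113.99", True),   # right password, new IP
        handle_login(accounts[2], "203.0.113.77", True),   # password changed after 2015
        handle_login(accounts[1], "198.51.100.7", False),  # wrong password
    ]
    return locked, results, accounts


if __name__ == "__main__":
    print(demo()[:2])
```

An IP match is a weak signal (dynamic addresses, shared NAT), which is why the sketch pairs the unlock with a forced password change instead of treating it as proof of ownership.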
cybermods1
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 16, 2017, 07:26:18 PM
 #52

My account was hacked just the other day with no password or email change notifications.

My original was cybermods.

I've contacted admins with zero response. I had no idea there was a breach in 2015. I'm more of a casual lurker, posting maybe 1 or 2 times a month.

With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done.

rizzlarolla
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1001


View Profile
April 18, 2017, 08:16:33 PM
 #53

My account was hacked just the other day with no password or email change notifications.

My original was cybermods.

I've contacted admins with zero response. I had no idea there was a breach in 2015. I'm more of a casual lurker, posting maybe 1 or 2 times a month.
With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done.

I see your account still posting today, scam selling thread. Couldn't call him out, thread is kept locked.
Your account is part of an admin-led hack, imo.

What other possible reason would they allow 100,000 hacked accounts - easily detectable as I previously explained - free to scam/shill/sig
(1000 of their farmed accounts were previously left in ruins https://bitcointalk.org/index.php?topic=1670807.0 )

Why else would "admin" allow 100,000 accounts to activate and not even respond to members on this issue!
(or the mass farmed account issue)


shirazteam110
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 19, 2017, 12:18:23 PM
 #54

My account was also hacked just a few hours ago!

https://bitcointalk.org/index.php?action=profile;u=878718

Let's see if Admin can help to recover it.

nanfeiyan
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
July 22, 2017, 01:54:18 PM
 #55

My main account wenwen was hacked on 07.20.2017. I can't find my old BTC wallet, and now I have to wait for a reply from the administrator.
xtraelv
Sr. Member
****
Offline Offline

Activity: 462
Merit: 733



View Profile
August 17, 2018, 09:38:33 PM
 #56

I believe that this is the main cause of the hacked accounts (phished)

https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059

Warning - unsafe links mentioned --> thebitcointalk.net  and bitcointalk.to  are scam phishing sites <-- Warning - unsafe links mentioned 

hilariousetc
Legendary
*
Online Online

Activity: 980
Merit: 1356


highly educated moran


View Profile
August 18, 2018, 11:48:22 AM
 #57

I believe that this is the main cause of the hacked accounts (phished)

https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059

Warning - unsafe links mentioned --> thebitcointalk.net  and bitcointalk.to  are scam phishing sites <-- Warning - unsafe links mentioned 


The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing.

mapuche33
Jr. Member
*
Offline Offline

Activity: 34
Merit: 10


View Profile
August 18, 2018, 02:15:32 PM
 #58

My account AvenG has also been hacked recently. I already started a thread following all the requirements here. Still waiting for a reply from the admins.


I believe that this is the main cause of the hacked accounts (phished)

https://bitcointalk.org/index.php?topic=4426885.msg39499059#msg39499059

Warning - unsafe links mentioned --> the[Suspicious link removed]  are scam phishing sites <-- Warning - unsafe links mentioned  


The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing.

If the hacking cause has already been identified, what the hell are Theymos / Cyrus waiting for to address it and then fix it? It is not a matter of whether we the users have a "weak password"; it is a matter of how the admins store our passwords, because they shouldn't store the passwords themselves; they could hire Google, Amazon or any other service to handle user authentication. If they dislike trusting 3rd parties then they should follow some tutorial about hashing + salting; this way the hacker couldn't brute force the database. Using a strong hashing algorithm combined with another complicated salting algorithm should be incredibly difficult to hack, not to mention if they enable 2FA for all of us. This way even those phishing sites wouldn't catch us. Here is a video about the subject: YouTube. Hope someone shares it with them.

edwardceng
Member
**
Offline Offline

Activity: 266
Merit: 42


View Profile
August 18, 2018, 02:46:06 PM
 #59

Quote
If the hacking cause has already been identified, what the hell are Theymos / Cyrus waiting for to address it and then fix it?
I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication.

Quote
It is not a matter of whether we the users have a "weak password"
It's a problem; members must have a strong password, as at least this makes hackers have difficulty in carrying out the action.

Quote
they could hire Google, Amazon or any other service to handle user authentication.
I think Theymos will not use their services because there is sensitive data that must be shared.

mapuche33
Jr. Member
*
Offline Offline

Activity: 34
Merit: 10


View Profile
August 18, 2018, 03:58:54 PM
 #60

I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication.

What makes you so sure? 3+ years since the 2015 db leak, and no solutions to this major problem yet except saying that they made announcements, advising users to take precautions. Their role is not telling us what to do but rather to deliver the solution themselves. Sure, they lack communication because they suck; they should lead a team to perform the tasks they dislike or don't have time for.

It's a problem; members must have a strong password, as at least this makes hackers have difficulty in carrying out the action.

Alright, then tell them to create some basic script to check how strong the chosen password is! I encourage you to register a new account picking a dumb password like '123456password'; you'll see the system doesn't acknowledge it as a vulnerability. It is a joke! I invite you to try it yourself. The hackers can recognize the same hashes of those users that picked the same password; try searching Google for those hashes yourself and you will realize how silly this is. Try this: https://hashkiller.co.uk/

I think Theymos will not use their services because there is sensitive data that must be shared.

OK, then they should become proficient at handling the user database themselves, making it secure with the method described above. They have already demonstrated they are not even concerned; for them everything seems to be "fine" or "nothing can be done". They don't care about our requests or suggestions either; just take a look at the Meta board to realize how many proposals get ignored and even criticized by ignorant plebs.
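
The two points raised in the posts above (identical hashes for users who picked the same password, and a registration-time strength check), as an added example that is not part of the thread and not the forum's code. The unsalted SHA-256 stands in for any fast unsalted scheme and is not a claim about what the forum used; the denylist is a tiny constructed sample and the iteration count is an assumed setting.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)

# Tiny constructed denylist; a real check would load a large list of
# passwords already seen in breaches.
COMMON = {"123456", "password", "123456password", "qwerty", "letmein"}


def unsalted_hash(password):
    """Fast unsalted digest: every user with this password gets the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF; returns a self-describing string."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def password_problems(password):
    """Registration-time check: return a list of reasons to reject the password."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    return problems


def demo():
    pw = "123456password"  # the example password from the post above
    alice, bob = hash_password(pw), hash_password(pw)
    return {
        "unsalted_match": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_match": alice == bob,
        "verifies": verify_password(pw, alice) and verify_password(pw, bob),
        "problems": password_problems(pw),
    }


if __name__ == "__main__":
    print(demo())
```

The salt removes the shared-hash lookup and the slow KDF raises the cost of each guess, but a password on the common list is still found quickly, which is why the registration check sits alongside the hashing.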