rizzlarolla (OP)
|
|
March 30, 2017, 08:05:45 PM |
|
So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.
|
|
|
|
Chris!
Legendary
Offline
Activity: 1382
Merit: 1123
|
|
March 30, 2017, 10:06:38 PM |
|
> So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.

It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...
|
|
|
|
rizzlarolla (OP)
|
|
March 31, 2017, 07:16:54 PM |
|
> > So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.
>
> It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...

In my post on last page i exampled accounts logging-in in rota on Feb 19. I assume this was their "wake up". If you take my random samples as an average, around 3000 accounts "woke up" on that day, all between u=0 and u=10,000. i have previously posted instructions on how admin can preserve all necessary evidence for all time, or prove themselves negligent. so admin should know the real figures and dates.

What other internet site would not even respond to "concerned" members on such a relevant topic? What to do now? Like you said, not much we can do unaided. Am i supposed to just STFU, again? Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?
|
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
March 31, 2017, 07:59:35 PM |
|
> In my post on last page i exampled accounts logging-in in rota on Feb 19. I assume this was their "wake up"

I would argue that the "wake up" is actually useless and a 'fake' gesture. It doesn't do anything besides confirming what we already knew; it doesn't help the admins either as it is trivial for them to detect this.

> What to do now? Like you said, not much we can do unaided. Am i supposed to just STFU, again?

What did they tell you the last time, 'find a new hobby' or something?

> Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?

You're asking the real questions.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
not.you
Legendary
Offline
Activity: 1726
Merit: 1018
|
|
April 01, 2017, 12:46:10 AM |
|
So when was this data breach? I think I changed my password like a year ago or so, do I need to change it again?
|
|
|
|
Chris!
Legendary
Offline
Activity: 1382
Merit: 1123
|
|
April 01, 2017, 01:03:51 AM |
|
> > > So now all can see, yet can do nothing. The numbers are too vast for members to log/avoid/be wary of, and will clearly overrun the forum should they not be locked by default. It should be clear by now how easy it is to identify these accounts, and locking could easily be automated. Does anyone else think admin should let us know their plan of action, if they have a plan of action. Or is it up to members to log and tag 100,000 accounts one by one, which is basically impossible without admin assistance.
> >
> > It just feels like too little too late. I'm sure there are days with way more than 237 accounts that are waking up (aka: hacked) so how the hell are we ever supposed to catch up to them and tag 200+ accounts a day with no automation? It's impossible for us. I don't know about you but I can't go through the seclog and manually tag thousands of accounts a day to catch up to a never ending stream of hacked accounts. You just know the hackers squeal with glee when they hack a high ranked account or better yet an account with green trust so they can scam. I highly doubt all of these accounts would be used to spam, maybe some to shill but I'd have to assume you'd just create thousands of accounts rather than try to hack thousands of accounts for that. What's going to happen when bitcointalk reaches its 1 millionth member? Congratulations on 950,000 hacked accounts + 50,000 legit ones. Seems a lot like how the Chinese were trading bitcoins and fiat back and forth with no fees to show a huge volume on their exchanges. What to do now...
>
> Chris, you seem like a genuine, seemingly rational individual. Why would admin not even respond, yet have time to start a thread about how many hits their farmed/hacked accounts are shilling on their list of scam coins?

*Adjusts tinfoil hat* I am seemingly rational aren't I? I don't know. I just don't understand it. I'm looking into that post you mentioned now to understand the context of your post.

> So when was this data breach? I think I changed my password like a year ago or so, do I need to change it again?

2015 so you should be fine.
|
|
|
|
kenesu
|
|
April 01, 2017, 09:40:12 AM |
|
> Have you noticed the growing number of hacked accounts reported?
>
> The hacker is asking fubly for bitcoin to return his account, saying he bought the account for twice the price he is asking from fubly, here https://bitcointalk.org/index.php?topic=1702720.0
>
> Where else have i seen that happen recently, oh yes, GreenBits account here, https://bitcointalk.org/index.php?topic=1785972.40
>
> Or ashapasa's account, turned into a slave account alongside nine other hacked accounts i identified here. (all wearing same sig, getting paid?) https://bitcointalk.org/index.php?topic=1821083.msg18157257#msg18157257
>
> One of those accounts is getting fake credibility here, https://bitcointalk.org/index.php?topic=1823355.msg18174976#msg18174976
>
> I even had a hacked account, JohnybBigs, troll me, giving trust to Lauda and Timelord2067 to endear itself to those members, hell, even the OP of that thread is probably hacked here https://bitcointalk.org/index.php?topic=1733765
>
> Thousands of accounts appear to have been hacked recently. Admin will know the true figure, i assume. You can see for yourselves. Click on this member, https://bitcointalk.org/index.php?action=profile;u=9011 see the last active march 1st 2017. Then click on u=9012, 9013, 9014,..... Try any u=number under 100000. More explanation here, https://bitcointalk.org/index.php?topic=1702409.msg17974610#msg17974610
>
> This hack has been anticipated for a while now, do admin have a planned response? Are admin doing anything about this problem?

OMG this is a really serious problem and needs to be attended to. I guess they must add additional security here. Example: 4 combination of numbers to avoid hacking of account
|
|
|
|
Chris!
Legendary
Offline
Activity: 1382
Merit: 1123
|
|
April 01, 2017, 02:30:56 PM |
|
> OMG this is a really serious problem and needs to be attended to. I guess they must add additional security here. Example: 4 combination of numbers to avoid hacking of account

I'm assuming you're talking about 2FA. The problem is that older accounts are getting hacked so 2FA still wouldn't be set up on them. It seems like a lot of emails must be hacked with the accounts too if you look at the seclog so essentially it'd be useless for this particular problem. It would be good for us though. I heard the new forum should have it.
|
|
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
April 14, 2017, 09:58:56 AM |
|
|
|
|
|
Chris!
Legendary
Offline
Activity: 1382
Merit: 1123
|
|
April 15, 2017, 07:51:46 PM |
|
It is very clear that the same person/group of people are behind these hacked accounts. It is also a possibility that they are using a bot to spam these one liners. However, Bitcointalk staff doesn't do anything. Maybe they will receive a 7 day ban. There are so many obvious things that should be done. Hacked accounts get banned until the original owner can prove it's theirs. All accounts that didn't change their passwords after 2015 get locked until confirmed (via a script obviously. Log in with the same IP = unlocked). Why do the mods keep these massive spam threads open still? If there are 1000 answers over a month the OP obviously doesn't care if you think gambling is good or bad anymore or if you think satoshi will ever be found. I find that I see less spammers because I just don't look at those threads. They all flock to them because it's so easy to blend in and spam. I'm sure there are better ideas too but that's what I've come up with off the top of my head.
|
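The lock rule proposed in the post above (a password not changed after 2015 keeps the account locked unless the login comes from an IP the account already used), combined with a per-day count of dormant accounts "waking up", as an added Python example that is not the forum's code. The field names, cutoff date, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PASSWORD_CUTOFF = datetime(2016, 1, 1)  # "not changed after 2015"; exact cutoff is an assumption
DORMANT_AFTER = timedelta(days=365)     # assumption: a year without logins counts as dormant
BURST_THRESHOLD = 3                     # assumption: kept tiny so the sample data trips it


@dataclass
class Account:
    uid: int
    password_changed: datetime
    last_seen: datetime
    known_ips: set = field(default_factory=set)
    locked: bool = False


def evaluate_login(acct, when, ip):
    """Apply the lock rule to one successful login and return the decision."""
    stale = acct.password_changed < PASSWORD_CUTOFF
    if stale and ip not in acct.known_ips:
        acct.locked = True  # last_seen is left alone so the dormancy clock is not reset
        return "lock-wakeup" if when - acct.last_seen >= DORMANT_AFTER else "lock"
    acct.locked = False     # fresh password, or stale password used from a known IP
    acct.known_ips.add(ip)
    acct.last_seen = when
    return "allow"


def wake_up_bursts(accounts, events):
    """Return ({uid: decision}, [days with >= BURST_THRESHOLD dormant wake-ups])."""
    per_day, decisions = Counter(), {}
    for uid, when, ip in sorted(events, key=lambda e: e[1]):
        decisions[uid] = evaluate_login(accounts[uid], when, ip)
        if decisions[uid] == "lock-wakeup":
            per_day[when.date().isoformat()] += 1
    return decisions, sorted(d for d, n in per_day.items() if n >= BURST_THRESHOLD)


def demo():
    # Constructed sample data: uids, dates and documentation-range IPs are invented.
    old, seen = datetime(2014, 6, 1), datetime(2015, 3, 1)
    accounts = {u: Account(u, old, seen, {f"192.0.2.{u}"}) for u in (101, 102, 103, 104)}
    accounts[105] = Account(105, datetime(2016, 8, 1), datetime(2017, 2, 1), {"192.0.2.105"})
    day = datetime(2017, 2, 19, 10, 0)
    events = [
        (101, day, "203.0.113.7"),                         # dormant, new IP
        (102, day + timedelta(minutes=2), "203.0.113.7"),  # dormant, new IP
        (103, day + timedelta(minutes=4), "203.0.113.8"),  # dormant, new IP
        (104, day + timedelta(hours=1), "192.0.2.104"),    # owner returns from a known IP
        (105, day + timedelta(hours=2), "198.51.100.9"),   # password changed after the cutoff
    ]
    return wake_up_bursts(accounts, events)
```

A known-IP match is weak evidence on its own, so a locked account would still need the ownership proof the post asks for before it is released.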
|
|
|
cybermods1
Newbie
Offline
Activity: 9
Merit: 0
|
|
April 16, 2017, 07:26:18 PM Last edit: April 16, 2017, 11:18:17 PM by cybermods1 |
|
my account was hacked just the other day with no password or email change notifications.
my original was cybermods
I've contacted admins with zero response. I had no idea there was a breach in 2015. I'm more of a casual lurker and posting maybe 1 or 2 times a month.
With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done.
|
|
|
|
rizzlarolla (OP)
|
|
April 18, 2017, 08:16:33 PM |
|
> my account was hacked just the other day with no password or email change notifications.
> my original was cybermods
> I've contacted admins with zero response. I had no idea there was a breach in 2015. I'm more of a casual lurker and posting maybe 1 or 2 times a month. With this many accounts getting hacked and the utter clusterf@ck of account spamming on the forums you would think something would be done.

I see your account still posting today, scam selling thread. Couldn't call him out, thread is kept locked. Your account is part of an admin-led hack, imo. What other possible reason would they allow 100,000 hacked accounts - easily detectable as i previously explained - free to scam/shill/sig (1000 of their farmed accounts were previously left in ruins https://bitcointalk.org/index.php?topic=1670807.0) Why else would "admin" allow 100,000 accounts to activate and not even respond to members on this issue! (or the mass farmed account issue)
|
|
|
|
|
nanfeiyan
|
|
July 22, 2017, 01:54:18 PM |
|
my main account wenwen has been hacked 07.20.2017, I can't find my old BTC wallet, now I have to wait for reply from administrator.
|
|
|
|
|
hilariousetc
Legendary
Offline
Activity: 2954
Merit: 3057
|
|
August 18, 2018, 11:48:22 AM |
|
The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing.
|
|
|
|
mapuche33
Jr. Member
Offline
Activity: 55
Merit: 15
|
|
August 18, 2018, 02:15:32 PM |
|
My account AvenG has also been hacked recently, I already started a thread following all the requirements here. Still waiting reply from Admins.

> The main cause has already been established and that's due to the forum being hacked. People have just brute-forced the leaked password hashes that can be bought online very cheaply now. Anyone who didn't change their password after the leak is susceptible to being hacked. If you had a weak password then that's how they lost their account. Any other lost accounts are usually lost to downloading malware from here in the forum of things infected alt coin wallets, bitcoin doublers and visiting dodgy bitcoin sites and so on, then the rest are probably due to falling victim to phishing.

If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??. it is not a matter if we the users have a "weak password" it is a matter of how the admins store our passwords because they shouldn't store the passwords themselves, they could hire Google, Amazon or any other service to handle user authentication. If they dislike trusting 3rd parties then they should follow some tutorial about hashing + salting, this way the hacker couldn't brute force the database. Using a strong hashing algorithm combined with another complicated salting algorithm should be incredibly difficult to hack, not to mention if they enable 2FA to all of us. This way even those phishing sites wouldn't catch us. Here some video about the subject: YouTube. Hope someone shares it to them.
|
|
|
|
edwardceng
Member
Offline
Activity: 266
Merit: 50
|
|
August 18, 2018, 02:46:06 PM |
|
> If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??.

I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication.

> it is not a matter if we the users have a "weak password"

it's a problem, members must have a strong password at least this makes hackers have difficulty in carrying out the action.

> they could hire Google, Amazon or any other service to handle user authentication.

I think Theymos will not use their services because there is sensitive data that must be shared.
|
|
|
|
mapuche33
Jr. Member
Offline
Activity: 55
Merit: 15
|
|
August 18, 2018, 03:58:54 PM Last edit: August 18, 2018, 04:19:46 PM by mapuche33 |
|
> I'm sure they are thinking about it and have a solution to overcome this, but the problem is the lack of communication.

What makes you so sure? +3 years from 2015 db leak, none solutions to this major problem yet except saying that they made announcements.. advising users to take precautions. Their role is not telling us what to do rather deliver the solution themselves. Sure they lack of communication because they suck, they should lead a team to perform the tasks they dislike or don't have time for.

> it's a problem, members must have a strong password at least this makes hackers have difficulty in carrying out the action.

Alright then tell them to create some basic script to check how strong the chosen password is!. I encourage you to register a new account picking a dumb password like '123456password' you'll see the system doesn't acknowledge it as a vulnerability.. it is a joke! I invite you to try it yourself. The hackers can recognize the same hashes of those users that picked the same password, try searching on google those hashes yourself you will realize how silly this is. Try this: https://hashkiller.co.uk/

> I think Theymos will not use their services because there is sensitive data that must be shared.

ok, then they should become proficient at handling the user database themselves making it secure with the described method above. Which they already demonstrated are not even concerned, for them everything seems to be "fine" or "nothing can be done". They don't care about our requests nor suggestions neither, just take a look on the Meta board to realize how many proposals get ignored and even criticized by ignorant plebs.
|
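The storage and sign-up checks argued over in the posts above, as an added Python example that is not the forum's code: an unsalted digest gives every user of the same password the same hash, a per-user salt with scrypt does not, and a blocklist check rejects `123456password` at registration even though it is long enough. The blocklist contents, minimum length and scrypt parameters are assumptions; a salt stops identical or precomputed hashes from matching, while the slow KDF is what raises the cost of each guess.

```python
import hashlib
import hmac
import os

COMMON = {"123456", "password", "123456password", "qwerty", "letmein"}  # constructed sample list


def unsalted_sha256(password):
    """The weak scheme: the same password yields the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt plus scrypt, a deliberately slow, memory-hard KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key


def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], key)


def acceptable(password, min_len=12):
    """Registration-time check: reject short or known-common passwords."""
    return len(password) >= min_len and password.lower() not in COMMON


def demo():
    pw = "123456password"               # the weak password named in the thread
    salt_a, key_a = hash_password(pw)   # user A
    salt_b, key_b = hash_password(pw)   # user B, same password
    return {
        "unsalted_equal": unsalted_sha256(pw) == unsalted_sha256(pw),
        "salted_equal": key_a == key_b,
        "verifies": verify_password(pw, salt_a, key_a),
        "wrong_rejected": not verify_password("guess", salt_a, key_a),
        "weak_accepted": acceptable(pw),
    }
```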
|
|
|
|