Melbustus (OP)
Legendary
Offline
Activity: 1722
Merit: 1003
|
|
April 24, 2013, 10:03:25 PM |
|
I just received a number of emails saying that there was an attempt to log-in to my blockchain.info account (from IPs very far away from me). The email noted that someone may know my wallet identifier. No money has been moved, so I assume my PW is safe, but what are the possible ways someone other than myself can know my wallet identifier given that I've never posted it anywhere?
|
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
|
|
|
casperorchids
Newbie
Offline
Activity: 17
Merit: 0
|
|
April 24, 2013, 10:11:00 PM |
|
the identifier can also be your account name, so maybe you used a name like I do casperorchids, it happened to me, but they couldn't get past the password
|
|
|
|
gILisH
Newbie
Offline
Activity: 31
Merit: 0
|
|
April 24, 2013, 10:16:30 PM |
|
I just got the same notifications
|
|
|
|
shibaji
|
|
April 24, 2013, 10:18:29 PM |
|
It is fine and usual if you use same username. It also tests your 2FA and gives you confidence - now may be I can go and type a few random forum user names and creep them out j/k
|
|
|
|
Melbustus (OP)
Legendary
Offline
Activity: 1722
Merit: 1003
|
|
April 24, 2013, 10:29:22 PM |
|
It is fine and usual if you use same username. It also tests your 2FA and gives you confidence - now may be I can go and type a few random forum user names and creep them out j/k Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependance. Is that correct?
|
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
|
|
|
matthewh3
Legendary
Offline
Activity: 1372
Merit: 1003
|
|
April 24, 2013, 10:31:22 PM |
|
It is fine and usual if you use same username. It also tests your 2FA and gives you confidence - now may be I can go and type a few random forum user names and creep them out j/k Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependance. Is that correct? The wallet can be recreated from the backups they send you without 2FA. The 2FA is only on there website and not on the private keys they send you for backups.
|
|
|
|
Melbustus (OP)
Legendary
Offline
Activity: 1722
Merit: 1003
|
|
April 24, 2013, 10:32:55 PM |
|
It is fine and usual if you use same username. It also tests your 2FA and gives you confidence - now may be I can go and type a few random forum user names and creep them out j/k Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependance. Is that correct? The wallet can be recreated from the backups they send you without 2FA. The 2FA is only on there website and not on the private keys they send you for backups. Gotchya, thanks.
|
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
|
|
|
greyhawk
|
|
April 24, 2013, 10:33:21 PM |
|
It is fine and usual if you use same username. It also tests your 2FA and gives you confidence - now may be I can go and type a few random forum user names and creep them out j/k Heh... Yeah. I do not have 2-factor on that wallet, though (it's just a "spending" wallet)... My question about 2-factor with blockchain: What happens if you lose your Yubikey and simultaneously blockchain.info disappears? They say somewhere in their FAQ that if you lose your Yubikey, you have to email them to get a "2 factor auth reset" or something, which sounds to me like you're dependent on either having your Yubikey, or Blockchain.info being alive and well. Personally, what I like about Blockchain is the convenience combined with NOT having to depend on them in any way. Seems like the 2-factor adds dependance. Is that correct? You really should enable 2FA. People have been reporting blockchain-accounts without 2FA being compromised for weeks. 3 weeks ago someone was trying to get into mine all day everyday for about a week.
|
|
|
|
shibaji
|
|
April 24, 2013, 11:17:41 PM |
|
... aaaaaaaand with that note, blockchain address lookup is down.
|
|
|
|
yokosan
|
|
April 27, 2013, 07:49:51 AM |
|
Have been getting a LOT of these recently.
Starting to think a database leak may have occurred and is doing the rounds somewhere.
|
|
|
|
shibaji
|
|
April 27, 2013, 07:52:50 AM |
|
There has been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the later. Turn off your java in browser pronto.
I have requested security feature increase in piuk's thread. Let's see what happens.
|
|
|
|
shawshankinmate37927
|
|
April 27, 2013, 10:23:30 AM |
|
There has been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the later. Turn off your java in browser pronto.
I have requested security feature increase in piuk's thread. Let's see what happens.
Doesn't have to be one or the other, it could be more than just one vulnerability that's been getting exploited. At this point, there doesn't seem to be a single common factor shared by all the victims.
|
"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford
|
|
|
shibaji
|
|
April 27, 2013, 08:56:33 PM |
|
There has been horrible hacks recently on blockchain.info while 2FA and 2 passwords were on. Suspects are android app and java/xss vulnerability, with more weight on the later. Turn off your java in browser pronto.
I have requested security feature increase in piuk's thread. Let's see what happens.
Doesn't have to be one or the other, it could be more than just one vulnerability that's been getting exploited. At this point, there doesn't seem to be a single common factor shared by all the victims. Yes there is. Read piuk's last note. The common factor was java enabled browser.
|
|
|
|
|