Bitcoin Forum
November 10, 2024, 12:59:17 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Some Bitcoin related service was hacked and User/Pass are leaked  (Read 819 times)
adaseb (OP)
Legendary
*
Offline Offline

Activity: 3878
Merit: 1733


View Profile
May 20, 2017, 08:49:47 PM
 #1

Apparently a couple weeks ago some sites started noticing unusual activity where there have been many sign-in attempts made with thousands of usernames.

At first Safedice caught this and cautioned everyone. Safedice assumed Bitsler was the leaked site.

However I am getting alerts of unauthorized login attempts with my username with various sites, and I have never been a member of Bitsler which means the leak is coming from somewhere else.

Anyone know of any Bitcoin related site that was hacked recently?

I know Bitcointalk was hacked about 2 years ago but most likely its something new since those passwords were all most likely changed by now.

For the time being, MAKE SURE TO USE 2FA
Dude.Lebowski
Full Member
***
Offline Offline

Activity: 129
Merit: 101


View Profile
May 20, 2017, 09:16:26 PM
 #2

Apparently a couple weeks ago some sites started noticing unusual activity where there have been many sign-in attempts made with thousands of usernames.

At first Safedice caught this and cautioned everyone. Safedice assumed Bitsler was the leaked site.

However I am getting alerts of unauthorized login attempts with my username with various sites, and I have never been a member of Bitsler which means the leak is coming from somewhere else.

Anyone know of any Bitcoin related site that was hacked recently?

I know Bitcointalk was hacked about 2 years ago but most likely its something new since those passwords were all most likely changed by now.

For the time being, MAKE SURE TO USE 2FA

And in case it's not obvious, don't use the same password anywhere.

Okay. The old man told me to take any rug in the house.
franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4760



View Profile
May 20, 2017, 09:36:22 PM
 #3

if you are not very good at remembering passwords then do something like

EaSyPassWord00/00/00website
(00/00/00=your date of birth or other meaningful thing you can remember that wont change in your life)
(website=the website your logging into)
and then hash it and use the hash as your password.

that way its always unique and has better entropy than
EaSyPassWord
or
EaSyPassWord00/00/00
or
EaSyPassWord00/00/00website




you will find that you can remember things better but have it

secondly websites need to start only storing passwords as their own salted hash.. not clear text. thats like ultimate noob error if sites are only storing passwords as cleartext

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
TheWallStreetCrew
Member
**
Offline Offline

Activity: 111
Merit: 100


View Profile
May 20, 2017, 10:11:18 PM
 #4

I have been getting these a lot lately. Got one on my bank account today. And it is only going to get worse. Audit passwords and email addresses every 30 days.

First Venture Capital backed Crypto | GetCLAMS-GCS | https://goo.gl/ER9djG
Pattberry
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile
May 20, 2017, 10:48:42 PM
 #5

I heard this issue from some of the peers in the trading platform as some are getting password reset request in their mail ID which means someone is trying hard to do something and i started hearing about this a couple of days back and i am not too sure what is happening right now,always enable 2fa if you want your accounts to be safe.
27QVUTZj8rgZP1
Full Member
***
Offline Offline

Activity: 152
Merit: 100



View Profile
May 20, 2017, 10:53:16 PM
Last edit: May 20, 2017, 11:09:14 PM by 27QVUTZj8rgZP1
 #6

    Apparently a couple weeks ago some sites started noticing unusual activity where there have been many sign-in attempts made with thousands of usernames.

    At first Safedice caught this and cautioned everyone. Safedice assumed Bitsler was the leaked site.

    However I am getting alerts of unauthorized login attempts with my username with various sites,
    Good password guidelines:
    ----------------------------------------
    • Never use same username:password combination for multiple sites.

    • Always use strong, random, composed by common characters passwords. Good examples of passwords are:
    • SLKrAz2d5zp9LM4bAF9D5NiqsefwncDz letters + numbers, 32 characters minimum
    • ]0=`Dn'r}WsGG(p7cs8CnW`a> letters + numbers + special chars, 25 characters minimum, use this one with caution, some sites improperly retrieve your password data and it end being different on their database then you cannot login back in some of them
    • very food develop quartz joke boil desk side dusk oak kid under butterfly arm door beloved 16 or more random words password, easier to remember but longer to type

    • Use a password manager software, like KeePassX. And a password generator, I have been using this: https://github.com/7ng3dk/passgen
    • Connect through internet by using a firewalled router, do not connect directly or through unknown networks.
    • Do not use Windows based operating systems. Do not type your passwords in public devices, nor print them using a printer.

    I had no problems so far by following those rules. Then I believe they are safe to follow.[/list]

    Bitcoin address: 1RepentJESUSisComingSoon777kqd54C

    And behold, I am coming quickly, and My reward is with Me, to give to every one according to his work. - Revelation 22:12
    Victorycoin
    Hero Member
    *****
    Offline Offline

    Activity: 1134
    Merit: 517



    View Profile
    May 20, 2017, 11:15:28 PM
     #7

    Apparently a couple weeks ago some sites started noticing unusual activity where there have been many sign-in attempts made with thousands of usernames.

    At first Safedice caught this and cautioned everyone. Safedice assumed Bitsler was the leaked site.

    However I am getting alerts of unauthorized login attempts with my username with various sites, and I have never been a member of Bitsler which means the leak is coming from somewhere else.

    Anyone know of any Bitcoin related site that was hacked recently?

    I know Bitcointalk was hacked about 2 years ago but most likely its something new since those passwords were all most likely changed by now.

    For the time being, MAKE SURE TO USE 2FA
    I think you did not get this, couple of weeks ago, there was this report that Cloud Flare was compromised and many sites actually advised their members to change their password and introduce  further security measures. That leakage must be the source of the rampant hacking lately. 

    https://www.wordfence.com/blog/2017/02/cloudflare-data-leak/
    Sniper44
    Hero Member
    *****
    Offline Offline

    Activity: 714
    Merit: 501


    View Profile
    May 21, 2017, 01:30:53 PM
     #8

    the problem is using the same Email address in many different places. i have seen so many people join a lot of these random website's newsletters with the same email, so it is obvious they are going to "sell" their list of emails! and then you get attempts like this and it is mostly a try to find someone who was dumb enough to use a password like "123" Smiley

    i don't think it is cloudflare thing though, because it wasn't really serious and from what i have read it was just a tiny possibility to affect a tiny portion of sites.

    p.s. i have not received any of these warnings about login attempts yet!

    to the moon with bitcoin...
    Mometaskers
    Hero Member
    *****
    Offline Offline

    Activity: 1764
    Merit: 584



    View Profile
    May 21, 2017, 03:46:45 PM
     #9

    I am yet to receive any of these email notifications. Then again, I don't live in the US and hackers probably target those in 1st world countries first if they have the chance to sort out.

    the problem is using the same Email address in many different places. i have seen so many people join a lot of these random website's newsletters with the same email, so it is obvious they are going to "sell" their list of emails! and then you get attempts like this and it is mostly a try to find someone who was dumb enough to use a password like "123" Smiley

    i don't think it is cloudflare thing though, because it wasn't really serious and from what i have read it was just a tiny possibility to affect a tiny portion of sites.

    p.s. i have not received any of these warnings about login attempts yet!

    I am one of those guilty with using an email for registering to multiple service and sites. I just don't have the memory to remember a lot of passwords. I've had several emails in the past but end up forgetting the passwords as well as the security answer. I currently have two and this probably would be the most I can handle.

    I've learned and don't subscribe to newsletters anymore. They just make a mess of my inbox and as you said, they might sell their mailing list.
    PokerFace3
    Hero Member
    *****
    Offline Offline

    Activity: 700
    Merit: 500



    View Profile
    May 21, 2017, 04:01:17 PM
    Last edit: May 21, 2017, 06:55:25 PM by PokerFace3
     #10

    There are alerts from crypto magazines about possible more hackers activity on coming Monday onward as weekends are off to most of business world wide. I am afraid we may face/hear some more miserable hacking activities in coming days as they are on intensive hunting. As bitcoin is reaching huge value, we need to be more conscious to stay secured.

    Anyone know of any Bitcoin related site that was hacked recently?
    Day before yesterday, I got email alert from liqui.io exchange for trying to reset password but actually I was sleeping at those times.

    skyline_king
    Sr. Member
    ****
    Offline Offline

    Activity: 602
    Merit: 250



    View Profile
    May 21, 2017, 04:03:10 PM
     #11

    last week or so i have veen getting emails saying to many log in attempts ata couple casinos seams one the casinos has been leaking or hacked emails
    Pages: [1]
      Print  
     
    Jump to:  

    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!