Bitcoin Forum
December 03, 2016, 07:05:10 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)  (Read 33689 times)
Yeti
Member
**
Offline Offline

Activity: 112

Firstbits: 1yetiax


View Profile
June 19, 2011, 08:48:14 PM
 #21

PHP crypt, CRYPT_MD5: http://php.net/crypt

1YetiaXeuRzX9QJoQNUW84oX2EiXnHgp3 or http://payb.tc/yeti

Since Bitcoin Randomizer is dead, join the Bitcoin Pyramid (referrer id #203)! Be quick, be on top! Instant payout as soon as one of your referrals deposits!
1480748710
Hero Member
*
Offline Offline

Posts: 1480748710

View Profile Personal Message (Offline)

Ignore
1480748710
Reply with quote  #2

1480748710
Report to moderator
1480748710
Hero Member
*
Offline Offline

Posts: 1480748710

View Profile Personal Message (Offline)

Ignore
1480748710
Reply with quote  #2

1480748710
Report to moderator
1480748710
Hero Member
*
Offline Offline

Posts: 1480748710

View Profile Personal Message (Offline)

Ignore
1480748710
Reply with quote  #2

1480748710
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480748710
Hero Member
*
Offline Offline

Posts: 1480748710

View Profile Personal Message (Offline)

Ignore
1480748710
Reply with quote  #2

1480748710
Report to moderator
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 19, 2011, 08:48:36 PM
 #22

I am around 4k!

And I joined in april


Now can someone take that data and calculate how fast bitcoin is growing? (common, let's at least make something useful with the data :/ like, seeing the good side of bad things)

This.

Also, it's pretty scary to see my username, email address and password hash in the big list too but there are still a few questions that remain.

Does anyone with perhaps a hair more experience than myself recognize the format of these hashes? I can recognize base 64 encoded fields with "$" as a delimiter easily enough, but I haven't taken the time to explicitly generate various hashes from my known password, b64 encode them and compare the results. I can do this later today if I've got the time but I'm kind of hoping that someone else already has Smiley

The above exercise, if nothing matches, could also prove whether Mt. Gox was actually salting their hashes, which seems doubtful looking at the CSV.

Really though I'm with speeder, let's at least identify enough people and their signup dates in this list to imply some good network growth numbers that we might otherwise not have access to.

This is really bad... I cracked a few passwords using JohnTheRipper...

cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
June 19, 2011, 08:49:13 PM
 #23

If they cant get the passwords because they're hashed, then... ummm, how did they do it?

What do you think Bitcoin miners are doing? Cracking hashes.

What do you think the passwords are protected with? Hashes.

So it's easy to crack hashes passwords, takes a few minutes per password, as long as it takes to crack a new Bitcoin block (about 10 minutes) is how long it takes to crack a hashed password.

thats bullshit you ass.  miners are bruteforcing to attempt to come up with a number below the target hash.  hashes are unbreakable and cannot be reconstructed back into the original password.
enmaku
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
June 19, 2011, 08:51:06 PM
 #24

If they cant get the passwords because they're hashed, then... ummm, how did they do it?
So it's easy to crack hashes passwords, takes a few minutes per password
Incorrect. The amount of time it takes is related to the complexity of the password. "monkey" will be found in seconds, but something like "efweug#%_#Tsafwef24g" will take years.

Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.

myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 19, 2011, 08:55:49 PM
 #25

This is really bad... I cracked a few passwords using JohnTheRipper...

I have never been so glad to be broke.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
June 19, 2011, 08:56:19 PM
 #26


I am curious, how did they get that DB in the first place?

+1


Klaus Alexander Seistrup
http://about.me/kseistrup
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 19, 2011, 09:04:07 PM
 #27


I am curious, how did they get that DB in the first place?

+1


Turns out:
SQL Injection.

Sanitize your inputs, kiddies!

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
NO_SLAVE
Jr. Member
*
Offline Offline

Activity: 56


DEBT IS SLAVERY


View Profile
June 19, 2011, 09:10:46 PM
 #28


Incorrect. The amount of time it takes is related to the complexity of the password. "monkey" will be found in seconds, but something like "efweug#%_#Tsafwef24g" will take years.

Wow, glad I changed my password to "efweug#%_#Tsafwef24g" just 2 days ago!
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322



View Profile
June 19, 2011, 09:11:12 PM
 #29

wow.  Talk about fucked.  I second the previous notion of "glad im broke".

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
hiVe
Member
**
Offline Offline

Activity: 102


View Profile
June 19, 2011, 09:12:11 PM
 #30

Nice one, its legit! Smiley im surprised. Gotta give it to them, btw where did the OP find this? google? Cheesy
gigitrix
Sr. Member
****
Offline Offline

Activity: 476


Bitcoins finest!!!


View Profile
June 19, 2011, 09:14:53 PM
 #31

Interesting to note the malformed records which suggest SQL injection attacks of such simplicity, that an 8 year old 4channer with an automated pentest program could get in. I have only once traded using mtgox, but I'm seriously ticked off right now. I'm seriously angry that MtGox was trusted with so many people's money, was so central to bitcoin itself. As a fellow PHP developer I feel ashamed that people like MtGox bring the rest of us down, making us look like 14 year old script kiddies. I'm ashamed that they have not learned the rudimentary techniques that would be the first lesson in how to successfully secure any website. I'm astounded that a website trading 30 million dollars of value every month is less secure than a web game I built when I was 15.

In particular, see these rows (pasted from OpenOfficed CSV so it's turned into tab separation (I will add to this as I find more):



12558hehehe\'000)waitfor delay\'0:$1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0
12557hehehe\'00)waitfor delay\'0:0:$1$TVk6yuVk$IKj5636wmFDwul0J2mtw8.
30306yui9&^&%$1$tRf6y.pr$EWaJXMzwRfyXvq5zI3.y..
bitclown
Full Member
***
Offline Offline

Activity: 186


View Profile
June 19, 2011, 09:16:25 PM
 #32

Stopped trading on Empty Gox two weeks ago due to the increasing reports of compromised accounts. I certainly can't see myself going back to trusting Magical Tux' PHP skills with my money after this.
jondecker76
Full Member
***
Offline Offline

Activity: 238


View Profile
June 19, 2011, 09:18:06 PM
 #33

There is a good number of us (meaning good, honest bitcoin users and supporters) that have been reporting that we had BTC stolen for a while now, but they kept denying our claims and blaming us.

I sincerely hope they plan on reimbursing us (I mean come on,  its only 20.19 BTC in my case)


RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
CharlieContent
Full Member
***
Offline Offline

Activity: 210


View Profile
June 19, 2011, 09:23:37 PM
 #34

These fucking clowns should have stuck to selling magic the gathering cards.
Durr
Newbie
*
Offline Offline

Activity: 28


View Profile
June 19, 2011, 09:25:25 PM
 #35

These fucking clowns should have stuck to selling magic the gathering cards.

true that Cheesy

Help this puppy survive: http://larrycorreia.files.wordpress.com/2011/06/mr-snuggles.jpg

Donate to 1Gvzk3L3oLjeK5m6y4B82kFvLEZbqQnUWs
Bazil
Full Member
***
Offline Offline

Activity: 126


View Profile
June 19, 2011, 09:28:09 PM
 #36

I don't know I'd be more likely to trust mtgox after this.  At least there problems are now known and will be fixed, who knows what the vulnerabilities of the other trade sites are?  The only thing that annoys me about this is it publicizes everyone's email addys.  Although once upon a time I made a blog from scratch, and I made better PW security than mtgox has, now that is sad.

17Bo9a6YpXN2SbwY8mXLCD43Wup9ZE4rwm
frozen
Full Member
***
Offline Offline

Activity: 196



View Profile WWW
June 19, 2011, 09:36:00 PM
 #37

The good news about this event is that I believe it will lead to a more decentralized exchange setup.

skerit
Newbie
*
Offline Offline

Activity: 20


View Profile WWW
June 19, 2011, 09:38:49 PM
 #38

I'm number 905. Don't remember when I signed up really, but I only got into bitcoin once you could get bitcoins from europe. Which was pretty late in the game.

Buy beer, snacks and candy with your bitcoins over at BelgianFlavours.com (http://www.belgianflavours.com)
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 19, 2011, 09:39:41 PM
 #39

These guys deserved their accounts to be hacked...


abcde:abcde
endeavormac:endeavormac
jallen:jallen
shecnu3:shecnu3
edocasper:edocasper
demodash:demodash
niky89:niky89
hehehe\':NO PASSWORD:$1$ZJVxD1Xi$8MuO2/IEK2ITAOiRVH8nD/::::::
bubbles:bubbles
kendomastr:kendomastr
BenCardwell1:bencardwell1
test23:test23
test2323:test2323
gibberish:gibberish
themandarax:themandarax
goodbrod:goodbrod
5FDERZ$:NO PASSWORD:$1$WV1exL20$LGjDyermelSynowyWSjaW0::::::
Pete Butter:butter
feefeefeefee:feefeefeefee
daniellobel:daniellobel
Phantom_Knight:phantom
25toro:25toro
sheef1:sheef1
yui9:NO PASSWORD:$1$tRf6y.pr$EWaJXMzwRfyXvq5zI3.y..::::::
Johnster:johnster
loppyer:loppyer
Amaresh:amaresh
MeinSeins@gmx.de:meinseins
faceb:faceb
mueller:mueller
heatherington:Heatherington
stupid!:stupid!
mintslice:mintslice
sfhdusfhd:sfhdusfhd
Qba-da-Intrepid:intrepid
monkeys:monkeys
robot:robot
twatty:twatty
Mr.LKS:Mr.LKS
xxxxx:xxxxx
xxxxxxxxx:xxxxx
1qayxcvbnm:1qayxcvbnm

myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 19, 2011, 09:49:44 PM
 #40

Give mine a shot. User ID 11195

I consider the account compromised anyway, and it's empty, regardless... But I would like a difficulty test on my password. Which, to be clear, is unique to Mt. Gox.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!