Bitcoin Forum
Author Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)  (Read 33729 times)
IlbiStarz
Full Member
Activity: 224
June 19, 2011, 09:52:00 PM
 #41

Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing preventing me from downloading this file.

Really tempted tho...

Or maybe I'm just stupid/paranoid.

It's better to be pissed off, than to be pissed on.
BTC : 1UgM1rqL9mFtH4PHF8TgvAaceymaKmhmP         LTC : LgCGw2WrRphr94RYS1qXHj2PUuYrTap4vk
FC : 6jc9PEmqxpMSxydfepHtshE4f2jMom1dAJ
Chick
Member
Activity: 70
June 19, 2011, 09:54:07 PM
 #42

Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing preventing me from downloading this file.

Really tempted tho...

Or maybe I'm just stupid/paranoid.

Dude, it's a fucking CSV file. Check the extension, open the URL up in Google Docs if you're too scared.

WiseOldOwl
Full Member
Activity: 224
June 19, 2011, 10:02:53 PM
 #43

I am not able to get the file, has it been removed or am I just having problems on my end?

http://cryptoswap.com
XRP/BTC/LTC/BTE
cypherdoc
Legendary
Activity: 1764
June 19, 2011, 10:04:58 PM
 #44

is there a way to "search" this csv list for my username instead of scrolling 60K names?
killer2021
Member
Activity: 84
June 19, 2011, 10:07:04 PM
 #45

I changed my password the other day when someone said the account was hacked.

Anonymous Cash-By-Mail Exchange: https://www.bitcoin2cash.com
1H6mqgB6UcqKt2SrCmhjxUp9np1Xrbkdj7
Chick
Member
Activity: 70
June 19, 2011, 10:08:13 PM
 #46

is there a way to "search" this csv list for my username instead of scrolling 60K names?

Ctrl + Find. I opened it up in Google Docs.

airdata
Sr. Member
Activity: 406
June 19, 2011, 10:10:01 PM
 #47

Oh... nice.. so much for anonymity

how easy is that password hash to crack?
 
MeowMixer
Jr. Member
Activity: 47
June 19, 2011, 10:12:11 PM
 #48

is there a way to "search" this csv list for my username instead of scrolling 60K names?
ctrl+f

What would you do for a bitcoin? http://forbitcoin.com
bullox
Member
Activity: 112
June 19, 2011, 10:19:30 PM
 #49

so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?
Chick
Member
Activity: 70
June 19, 2011, 10:23:57 PM
 #50

so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

I don't think they're salting their passwords.

I'm using John The Ripper to crack these worthless "123456" md5-crypt passwords.

TheBitMan
Sr. Member
Activity: 280
June 19, 2011, 10:26:11 PM
 #51

I'm a member but I couldn't find mine
Batouzo
Member
Activity: 70
June 19, 2011, 10:30:07 PM
 #52

Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.

It depends - if (if, I'm not sure how this is in the case of mtgox) the entire users database was leaked, then usually you also have the salts for each user right there in the database.

On the other hand, if they coded it smartly, they also used an extra salt that is only in the source code and not in the database - that one should help indeed.
DeiBellum
Newbie
Activity: 22
June 19, 2011, 10:34:21 PM
 #53

So, WTF happened to websites being responsible and hashing emails as well?

Just my .02btc

If you like what I have posted please donate
1J5cNFGrTZPAWXhGDDkESWRQwtR5k5KbLw
Otoh
Donator
Legendary
Activity: 1918
June 19, 2011, 10:35:11 PM
 #54

I do not know if this is real or fake. However, this is a direct download link that I hosted. Please comment...

http://bit.ly/kE3Q4D

[Edit: Holy shit, this is real. I found my email & password in the CSV. Shit just got real...]

I can't believe that.

This is completely against every privacy consideration that this file is openly distributed.


Sig:
>12y experience in trading.
Donations accepted: 14TeeHy4igXUgfnjXmCFG5MwkcRKZRkprS

Please always do your own due diligence, and consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

lols @ Sig irony

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
TheBitMan
Sr. Member
Activity: 280
June 19, 2011, 10:35:35 PM
 #55

is there a way to "search" this csv list for my username instead of scrolling 60K names?
control+f and type in
Batouzo
Member
Activity: 70
June 19, 2011, 10:36:54 PM
 #56

so obviously it's md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

Mother of god...

I'm usually coding a web game page (no money) more securely...
Caesium
Hero Member
Activity: 548
June 19, 2011, 10:37:53 PM
 #57

On the other hand, if they coded it smartly, they also used an extra salt that is only in the source code and not in the database - that one should help indeed.

They didn't. My details are in there and I reproduced the hash for my password with the following perl:

#!/usr/bin/perl
use strict;
use warnings;
my $salt = '$1$SALT$'; # this is at the start of the salted password in the accounts.csv, it's 8 alphanumeric characters
my $pw = 'MY_PLAIN_PASSWORD'; # do this on a secure box, you're entering your password into a text editor.
# The $1$ prefix makes crypt() use md5-crypt (where the system's crypt(3) supports it).
my $encpw = crypt($pw, $salt);
print "Encrypted password: $encpw\n";

Observe how the printed hash equals the bit after the salt in the accounts.csv. Thus no hidden salt or trickery.

Tired of annoying signature ads? Ad block for signatures
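
Added example, not part of the thread or any poster's code: a Python sketch of the stored-salt versus hidden-salt point from posts #52 and #57. It swaps in PBKDF2-HMAC-SHA256 from the standard library for the md5-crypt scheme in the CSV; `PEPPER`, `ITERATIONS` and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the demo
# Hypothetical server-side secret (the "extra salt" kept outside the database).
PEPPER = b"constructed-demo-pepper-not-a-real-secret"


def make_record(password, pepper=b"", salt=None):
    """Return 'salt_hex$digest_hex', the row that would sit in the user table."""
    salt = os.urandom(16) if salt is None else salt
    secret = password.encode()
    if pepper:
        # Mix in the secret that never appears in a database dump.
        secret = hmac.new(pepper, secret, hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def check(record, password, pepper=b""):
    """Recompute the hash from the stored salt, as the Perl check above does."""
    salt_hex, _ = record.split("$")
    candidate = make_record(password, pepper, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)


def demo():
    alice = make_record("monkey")          # per-user salt only
    bob = make_record("monkey")            # same password, different salt
    carol = make_record("monkey", PEPPER)  # salt in DB plus pepper outside DB
    return {
        # Per-user salts: identical passwords give different rows.
        "same_password_rows_differ": alice != bob,
        # Salt is in the row, so the row alone is enough to confirm a password.
        "row_alone_confirms_unpeppered": check(alice, "monkey"),
        # Without the pepper, the same recomputation no longer matches.
        "row_alone_confirms_peppered": check(carol, "monkey"),
        # The server, which holds the pepper, still verifies the login.
        "server_with_pepper_verifies": check(carol, "monkey", PEPPER),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
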
snowboard789
Sr. Member
Activity: 322
June 19, 2011, 10:38:20 PM
 #58

I changed my pass also yesterday, can someone confirm the hack date???
kjj
Legendary
Activity: 1302
June 19, 2011, 10:40:48 PM
 #59

I should point out that the site made a change to improve password security at least several months ago.  Any passwords set after that time are secure.

Their biggest fault was not forcing users to update their passwords at that time.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
F104
Newbie
Activity: 26
June 19, 2011, 10:43:19 PM
 #60

I am not as computer literate as most of you. I have some dumb questions. Please be patient with me.

1. Is the *only* data that has been lost the user names, email and hashed password? Is there any way these people can get at my wallet? (I had nothing at Mt. Gox so I have no worries about that)

2. Can they get at the account from which I sent money to Mt Gox?

3. How could this have happened? I expected a person handling this kind of money would be secured like my bank website. On the other hand, why did everyone trust him?

4. Is Mt. Gox giving any accountability such as taking steps to secure what information has not been lost yet?

5. Luckily I used my Mt Gox password only there. What steps should I take to secure other data I have?

thanks