Bitcoin Forum
December 03, 2016, 01:44:12 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5] 6 7 »  All
  Print  
Author Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)  (Read 33698 times)
myrkul
Hero Member
*****
Offline Offline

Activity: 532


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
June 20, 2011, 12:12:18 AM
 #81

It's clean data. Just a CSV file. Open in Google docs if you're paranoid.

Edit: Too much Starcraft.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
1480772652
Hero Member
*
Offline Offline

Posts: 1480772652

View Profile Personal Message (Offline)

Ignore
1480772652
Reply with quote  #2

1480772652
Report to moderator
1480772652
Hero Member
*
Offline Offline

Posts: 1480772652

View Profile Personal Message (Offline)

Ignore
1480772652
Reply with quote  #2

1480772652
Report to moderator
1480772652
Hero Member
*
Offline Offline

Posts: 1480772652

View Profile Personal Message (Offline)

Ignore
1480772652
Reply with quote  #2

1480772652
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480772652
Hero Member
*
Offline Offline

Posts: 1480772652

View Profile Personal Message (Offline)

Ignore
1480772652
Reply with quote  #2

1480772652
Report to moderator
TheBitMan
Sr. Member
****
Offline Offline

Activity: 280



View Profile
June 20, 2011, 12:13:49 AM
 #82

Anybody check that csv file for viruses? Or did we just get compromised again?
I don't have excel so opened it in notepad it's clean
optionstalker
Newbie
*
Offline Offline

Activity: 23



View Profile
June 20, 2011, 12:31:22 AM
 #83

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!
hoo2jalu
Member
**
Offline Offline

Activity: 70



View Profile
June 20, 2011, 12:31:52 AM
 #84

MTGOX BREAKING NEWS

We will do one hour with the TradeHill guys LIVE via Skype.... ... BLAH BLAH BLAH

I'm trying to figure out why you think it is acceptable to keep posting this in every thread.  Did you get dropped on your head a lot as a child?

Media whore'ing opportunities like this happen once a lifetim^H^H^Hmonth in bitcoin land!  Gotta make every second and eyeball count!
scooter
Member
**
Offline Offline

Activity: 100


View Profile
June 20, 2011, 12:37:16 AM
 #85

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!

Mine says 7 decillion years
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 12:41:11 AM
 #86

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!

Mine says 7 decillion years

Repeated asdf over & over!

About 7 septendecillion years.

Batouzo
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 12:53:53 AM
 #87

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!

You are using http://howsecureismypassword.net/ and entering your password there?

Let's keep finger crossed the admin of that site is not logging the requests anywhere!  Or his hosting, or possible his and your ISP and all ISP in between if this checker is in http instead https. And people able to buy forged SSL certs for MITM attacks even if it is https.

Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 01:00:54 AM
 #88

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!

You are using http://howsecureismypassword.net/ and entering your password there?

Let's keep finger crossed the admin of that site is not logging the requests anywhere!  Or his hosting, or possible his and your ISP and all ISP in between if this checker is in http instead https. And people able to buy forged SSL certs for MITM attacks even if it is https.



Chill, its all server-side. Look at the js. Smiley

martinw79
Member
**
Offline Offline

Activity: 93


View Profile
June 20, 2011, 01:03:34 AM
 #89

It would take
About 14 sextillion years
for a desktop PC to crack your password

lol, sexy...


___________________
MW79
TurboK
Full Member
***
Offline Offline

Activity: 137



View Profile
June 20, 2011, 01:15:54 AM
 #90

Does anyone with perhaps a hair more experience than myself recognize the format of these hashes? I can recognize base 64 encoded fields with "$" as a delimiter easily enough, but I haven't taken the time to explicitly generate various hashes from my known password, b64 encode them and compare the results. I can do this later today if I've got the time but I'm kind of hoping that someone else already has Smiley

The above exercise, if nothing matches, could also prove whether Mt. Gox was actually salting their hashes, which seems doubtful looking at the CSV.

Really though I'm with speeder, let's at least identify enough people and their signup dates in this list to imply some good network growth numbers that we might otherwise not have access to.
Input the salt and the password here and check under md5(unix).
http://www.insidepro.com/hashes.php?lang=eng

the format in the csv is $1$salt$password.

12zJNWtM2HknS2EPLkT9QPSuSq1576aKx7

Tradehill viral bullshit code: TH-R114411
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 20, 2011, 01:20:32 AM
 #91

Yeah that's smart, going to some website to check your password LOL. You can bet your ass some people will have referrers pointing back to here and the site will connect the dots, find the password file, tie hash to entered pass, look up email address in file, hack mail and fish for balance when Mt.Gox comes back.
saqwe
Full Member
***
Offline Offline

Activity: 224



View Profile WWW
June 20, 2011, 01:29:16 AM
 #92


Incorrect. The amount of time it takes is related to the complexity of the password. "monkey" will be found in seconds, but something like "efweug#%_#Tsafwef24g" will take years.

Wow, glad I changed my password to "efweug#%_#Tsafwef24g" just 2 days ago!

hehe 12390ßqweuio789456 was mine

Samantha2011
Newbie
*
Offline Offline

Activity: 14


View Profile
June 20, 2011, 01:37:55 AM
 #93

My Gmail account reported suspicious activity and I had to reset my password there. I'm using http://howsecureismypassword.net/ to determine the strength. >600yrs to crack on a normal PC it says. So maybe 60 yrs on a mining rig, good enough for now!

You are using http://howsecureismypassword.net/ and entering your password there?

Let's keep finger crossed the admin of that site is not logging the requests anywhere!  Or his hosting, or possible his and your ISP and all ISP in between if this checker is in http instead https. And people able to buy forged SSL certs for MITM attacks even if it is https.



Why would you enter your actual passwords into it anyway? At least use a substitution cipher on your password. And if that enhances the security of your password because it contains dictionary words, you're just an idiot.  Tongue

Obligatory begging address:

1F6aMYyqy95itC88okx85FXwPvuQref8ZF
semarjt
Newbie
*
Offline Offline

Activity: 27


View Profile
June 20, 2011, 01:57:15 AM
 #94

Isn't it ironic that bitcoin mining is essentially also cracking a hash?

No, because that is not at all what bitcoin mining is.
haydent
Full Member
***
Offline Offline

Activity: 154



View Profile
June 20, 2011, 02:16:59 AM
 #95

Quote
[Update - 2:06 GMT] What we know and what is being done.

    It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
    Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
    We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
    Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
    When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool
btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
JonathanHiggins
Newbie
*
Offline Offline

Activity: 18


View Profile
June 20, 2011, 02:36:02 AM
 #96

Is it possible to get the list of names etc in alphabetical order?
Quantumplation
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 02:57:14 AM
 #97

If they cant get the passwords because they're hashed, then... ummm, how did they do it?

What do you think Bitcoin miners are doing? Cracking hashes.

What do you think the passwords are protected with? Hashes.

So it's easy to crack hashes passwords, takes a few minutes per password, as long as it takes to crack a new Bitcoin block (about 10 minutes) is how long it takes to crack a hashed password.

That's not quite accurate.  Miners are tweaking one value in a block of data in order to find any password WITHIN THE DIFFICULTY.  Finding a hash that is lower than a set value is far easier than finding a very specific existing password.  Essentially, cracking the password would be solving the highest difficulty block possible.  (Also, Miners are working on SHA256, much harder to crack than simple MD5...)

Against my better judgement... 1ADjszXMSRuAUjyy3ShFRy54SyRVrNDgDc
haydent
Full Member
***
Offline Offline

Activity: 154



View Profile
June 20, 2011, 02:57:43 AM
 #98

Quote
Is it possible to get the list of names etc in alphabetical order?

just import said csv into spreadsheet program and sort that column

2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool
btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 20, 2011, 03:42:53 AM
 #99

LOL @ someone messaging me and wanting this removed. Even if this thread was removed, the file has already been leaked.

If it's out there, you might as well let it be.

finnthecelt
Full Member
***
Offline Offline

Activity: 140


View Profile
June 20, 2011, 03:54:25 AM
 #100

I hope you guys are interested in buying Viagra and increasing the size of your penis.

Now that's funny shit. I don't care who you are!!!! Already spammed from a Tradehill promoter. Thrice!!!
Pages: « 1 2 3 4 [5] 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!