What mtgox number are you? (from DB leak)

[grue]

from accounts.csv (you know which one)

4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

ps. this idea was stolen off of someone else.

Actually, aren't you

56   grue   grue@joshua.in   9d7c5870687bd54118663f5422ea2b9c

?

that was someone else.

[1714020033]

1714020033

[1714020033]

1714020033

[1714020033]

1714020033

[imperi]

from accounts.csv (you know which one)

4856,gruez,free.133ch@gmail.com,$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

ps. this idea was stolen off of someone else.

Actually, aren't you

56   grue   grue@joshua.in   9d7c5870687bd54118663f5422ea2b9c

?

I think he knows what his own email is?

[Astro]

I'm under 2000 but above 1000.

[Quantumplation]

Wait, that means... There are MULTIPLE grues around these parts?  I get the feeling I'm about to be eaten...

[The Script]

Hey anyone want to do me a favor and look "The Script" up on the list? I'm on my iPad at home, 3G Internet and I can't download the csv file but I'm curious what number I am at. I'm guessing less than 3000

[BtcNmcMiner]

I'm

51319   roebuck85   roebuck85@gmail.com   $1$Qc8worl4$dhGEsjtdKyEX9VS0C8Xko0


I signed up June 14th

[franzl]

I'm 100 

I think I've registered on 2010-07-29, that's when I first sent coins to mtgox.

[Timo Y]

Y'know, those < 3100 are all easily crackable?

looks like somebody already cracked mine.

(Mine is < 400)

When I tried to log into my gmail account that was registered on mtgox I got this message from gmail: "suspicious activity reported. please change your password".

Good thing I had a unique password just for mtgox!  

[scribe]

I'm #604 (same username as here), but not logged in for months so my password is in the old hash form - I'm assuming it's been cracked, but would love to have confirmation. Anyone that's run Jack on the file able to PM or e-mail me or something if they have?

Paranoia mode on.

[Inedible]

To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?





(For those without a sense of humour or sense that is common: DO NOT TAKE THIS POST SERIOUSLY!)

[killer2021]

well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.

You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers

I'm saying  (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!

[killer2021]

Y'know, those < 3100 are all easily crackable?

I was able to find 640 passwords belonging to users 1 through 3036... and i know absolutely nothing about Cryptography (Which also means they could be wrong) just by feeding them into some gammy online hash cracker yokie

329,Mahkul,p.makulski@gmail.com,$1$e1u03TlV$wGLXQ8ynWjXib5E4qj0fm.

Did you manage to crack my password? I thought it was pretty good. You can post it here, I never use the same password for more than one site anyway.

Its 123456789.

Pretty good, eh?

[joepie91]

well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.

You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers

I'm saying  (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!

You don't realize how many fees Mt. Gox has been raking in?

[allinvain]

400,000 BTC can buy a boat load of coders...

[speeder]

well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.

You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers

I'm saying  (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!

You don't realize how many fees Mt. Gox has been raking in?

You don't realize WHEN the fees were raked in?

MtGox went from nothing to everything in 2 months, MagicalTux more than once mentioned desperately trying to hire workers and not working so well. It is not much of a money issue, but also time issue.

[goodlord666]

To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?

THAT's the spirit!   

[grue]

To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?

last ip: 127.0.0.1
email: in original post
email pass: same as mtgox pass