Bitcoin Forum
December 08, 2016, 06:19:33 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Gmail unusual activity  (Read 17276 times)
mjsbuddha
Sr. Member
****
Offline Offline

Activity: 336


yung lean


View Profile
June 19, 2011, 10:00:39 PM
 #21

got the same. thought i wasnt using the same passwords across sites, i changed them all anyway. just to be safe
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481177973
Hero Member
*
Offline Offline

Posts: 1481177973

View Profile Personal Message (Offline)

Ignore
1481177973
Reply with quote  #2

1481177973
Report to moderator
1481177973
Hero Member
*
Offline Offline

Posts: 1481177973

View Profile Personal Message (Offline)

Ignore
1481177973
Reply with quote  #2

1481177973
Report to moderator
1481177973
Hero Member
*
Offline Offline

Posts: 1481177973

View Profile Personal Message (Offline)

Ignore
1481177973
Reply with quote  #2

1481177973
Report to moderator
jatajuta
Sr. Member
****
Offline Offline

Activity: 365



View Profile
June 19, 2011, 10:01:48 PM
 #22

Had received the code and my gmail account is fine.

It can be gmail security for this leak event or just suspicious acticity on the web trying to access my account.
jibjabz
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 19, 2011, 10:05:50 PM
 #23

Same here.  Good luck cracking my password.

I'll give you a headstart.

Listed salt $1$ZBJdbkqZ$
Listed hash MD/Ln/Ro/cOFIPpWYMHpA.

My password starts with a letter, ends with a number, has a symbol, and more than 15 characters.

If you crack it and post it here I'll send you the remainder of my mtgox funds ($500)

1. Where'd you download/get this info?

2. Assuming I know my password is one of two things can I figure out what it is using this?

Not sure why but my IP was banned yesterday so I logged in from a different location (worked fine) and changed my password. I'm not sure if my old password or new one is in the data that was stolen. Either one is ~18 characters. Am I pretty safe either way or is it true that these aren't as well salted as mtgox claims?

Don't go broke while you're out having fun. Check out Coin Watcher.

Free trial until 6/14. Just add yourself to this group to start receiving e-mail alerts.
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
June 19, 2011, 10:06:02 PM
 #24

I told Mike about this thread, but he hasn't responded yet.

Anyway, our resident Google employee is currently locking every account on the MtGox list.

<TD> yep, sorry folks
<TD> there's no way to know which passwords will get reversed and found to be shared over the next 24 hours or so
<TD> this is a standard procedure when faced with password leaks

tabshift
Newbie
*
Offline Offline

Activity: 23


View Profile
June 19, 2011, 10:06:53 PM
 #25

I just had this happen to my account too..  frozen out of Gmail when trying to login. I had to verify my identity via a SMS.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
June 19, 2011, 10:09:06 PM
 #26

Google froze my Gmail account until I revalidated it by SMS. I guess someone is trying the cracked MtGox passwords against the corresponding Gmail accounts. Luckily my passwords are both very strong, and are different.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 10:12:48 PM
 #27

I told Mike about this thread, but he hasn't responded yet.

Anyway, our resident Google employee is currently locking every account on the MtGox list.

<TD> yep, sorry folks
<TD> there's no way to know which passwords will get reversed and found to be shared over the next 24 hours or so
<TD> this is a standard procedure when faced with password leaks

The fact that gmail, of all places, responded within an hour of mt gox, just goes to show how awesome they are on security.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
June 19, 2011, 10:14:57 PM
 #28

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team
tabshift
Newbie
*
Offline Offline

Activity: 23


View Profile
June 19, 2011, 10:17:26 PM
 #29

My respect for Google has only increased due to this quick response. Thank you!

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team
rdonohoe
Jr. Member
*
Offline Offline

Activity: 37


View Profile
June 19, 2011, 10:18:05 PM
 #30

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team

Thank you Google for your diligence.
TheSocialHermit
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 19, 2011, 10:18:17 PM
 #31

Yea same happened with my secondary gmail account. Mt Gox is in the shit now. I'm lucky I haven't done any business with them so I haven't lost anything other than trust in their systems.
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 19, 2011, 10:21:40 PM
 #32

Situations like this are why I'm glad all of my passwords are different and random.
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
June 19, 2011, 10:26:04 PM
 #33

All passwords should be different and random. Use something like keepass to keep track of your passwords.

The reason you get the g-mail warning "Unusual acitivity detected" or something similar is because your e-mail is on the list on leaked e-mails from the mtGox db compromise. So If you have used the same password for mtGox and gmail for instance, this is used to protect the users so that in the event someone bruteforces the password hash in that leaked list, they will not have access to your gmail-account. Of course if you used the same password for both mtgox.com and gmail, you should stop doing something like that in the future.

The source of confusion is that google has only given a generic message, and not a specific one, perhaps this is just their policy, I don't know, but I think it would be better to give a more detailed explanation to keep people from getting worried.

Most likely your gmail account is not compromised at all.
palmertech
Newbie
*
Offline Offline

Activity: 22


View Profile
June 19, 2011, 10:30:31 PM
 #34

I just got this notification, too, so I guess someone must be going through all the accounts that got leaked.  Undecided  Had to do a phone verification, and I also got notification from eBay, to boot!  Luckily, I use different passwords.

I think I am done with MtGox.
Bunghole
Member
**
Offline Offline

Activity: 64



View Profile
June 19, 2011, 10:31:23 PM
 #35

I'm in the CSV file and my email account now appears to be suspended.  For privacy reasons, I don't want to name the email provider, but I will say that it is a smaller one that most have probably never heard of.  I'm guessing that someone is trying to brute-force their way in - the email provider noticed it and suspended my account for now.  But strangely, I can still log into my provider's website - just can't receive mail.
Slab Squathrust
Full Member
***
Offline Offline

Activity: 171


View Profile
June 19, 2011, 10:33:10 PM
 #36

Still waiting on mine.  I changed all passwords as a precaution just because.  Its a shame that the email address is out there though.  I'm looking forward to cheap viagra and other dick enhancement offers. 
Bunghole
Member
**
Offline Offline

Activity: 64



View Profile
June 19, 2011, 10:43:45 PM
 #37

I want to point out that my email account is NOT gmail yet was suspended shortly after the CSV file was published.  So, that couldn't be due to the Google employee's help.  Someone must be trying to brute-force their way into my account.

Quote
I'm in the CSV file and my email account now appears to be suspended.  For privacy reasons, I don't want to name the email provider, but I will say that it is a smaller one that most have probably never heard of.  I'm guessing that someone is trying to brute-force their way in - the email provider noticed it and suspended my account for now.  But strangely, I can still log into my provider's website - just can't receive mail.
Litt
Sr. Member
****
Offline Offline

Activity: 350


View Profile
June 19, 2011, 10:43:53 PM
 #38

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team

Preemptive actions before things really get out of hand. Now that is a sound business practice right here.  
Dansker
Hero Member
*****
Offline Offline

Activity: 740


Hello world!


View Profile
June 19, 2011, 10:44:41 PM
 #39

Just verified mine too...

I will never use mtgox again, any website that doesn't protect my email adress can go fuck itself.

interfect
Full Member
***
Offline Offline

Activity: 139


View Profile
June 19, 2011, 10:48:20 PM
 #40

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team

Thanks!

It would be nice to get a better message than "unusual activity", though, seeing as how, in this instance, there was (presumably) no actual activity on the account that led to the lock. Maybe something like "A password for an account at <site> associated with this e-mail address has been leaked. Your Google password has been invalidated to protect your account" or some such.
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!