Bitcoin Forum
November 19, 2024, 12:12:29 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Gmail unusual activity  (Read 18371 times)
EricJ2190
Full Member
***
Offline Offline

Activity: 134
Merit: 102


View Profile
June 19, 2011, 10:50:21 PM
 #41

I got it too, and I use a completely different (and stronger) password for Gmail than my password from MtGox. Gmail's logs show no access from unusual IPs, so I assume somebody was just trying to use my MtGox password on Gmail.
imperi
Full Member
***
Offline Offline

Activity: 196
Merit: 101


View Profile
June 19, 2011, 10:51:47 PM
 #42

I thought someone was just entering random stuff into my Gmail, because both my Mtgox and Gmail are pretty strong. Guess not apparently.
Dansker
Hero Member
*****
Offline Offline

Activity: 740
Merit: 500


Hello world!


View Profile
June 19, 2011, 10:53:51 PM
 #43

Yeah, it's a bit misleading to say there had been suspicious activity with the accounts, since they have simply shown up on the list, and no log-in attempts may have been made what so ever.

Although It's much appreciated that google cares for the safety of their users so much. We need it, and you need it too.

CharlieContent
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
June 19, 2011, 11:09:19 PM
 #44

Hi guys,

The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

thanks,

Mike
Google abuse/anti-hijack team

Thanks Mike! Really appreciate it. Maybe Google could set up a BitCoin exchange?

MagicalTux: You are an idiot son. You've gone from respected by the community to despised just because you're too stupid, or too lazy to secure your website. I sincerely hope Mt. Gox doesn't come back from this. It was so stupid to have so much trade centralised in a website that used to be for trading pieces of card to be used in a children's game.

Go back to trading Magic the Gathering Cards, you fucking amateur.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
June 19, 2011, 11:15:26 PM
 #45

Yes, we should have a message for when password leaks occur specifically. I will add this to our todo list.
grod
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
June 19, 2011, 11:21:51 PM
 #46

Siiigh.  That gmail address of mine was one I use for 'serious' stuff having to do with money and registration on sites I actually care about (as opposed to all the freebie service ones, where I don't give a rat's behind if someone hijacks).  It was not widely available in the spammer circles.

Now it's out there for spammers and scammers to do their thing to.

Luckily I don't re-use usernames, never mind passwords, so other email and other services shouldn't be horribly impacted.

Thanks mtgox!  Seriously.  And if you couldn't fix your code after all the reports of being compromised there's 0 chance you'll fix it in the future.  Buhbye.
scooter
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
June 19, 2011, 11:37:50 PM
 #47

Just verified mine too...

I will never use mtgox again, any website that doesn't protect my email adress can go fuck itself.

You should stop using every website then.
The fact that nearly every website uses an email address username/password combination for authentication and the fact that nearly 3/4ths of all people use the same password for everything means that all it takes is for one website to get hacked and people have a way in to almost every other site you are part of.

No security is 100%, but the number of hacks that have happened in recent months is incredible.
We need to rethink the whole way we do authentication on the internet.

Funny thing is.. I was in the middle of writing an article on this topic when I got the news.
seeARMS @ Bit-Bank
Copper Member
Newbie
*
Offline Offline

Activity: 62
Merit: 0


View Profile WWW
June 19, 2011, 11:44:26 PM
 #48

Just wanted to say: my account on this site got hacked, my Steam account got hacked (with over $500+ worth of games on it), and who knows what else got hacked.

Suffice to say I'm fucking pissed.
AllYourBase
Full Member
***
Offline Offline

Activity: 138
Merit: 100


View Profile
June 19, 2011, 11:53:40 PM
 #49

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.
bitcoinaddict
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
June 20, 2011, 12:17:40 AM
 #50

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.

How is google supposed to know if you use the same password or not?  If they didn't lock it and you got hacked, you'd be complaining that they didn't lock it when they know your email address had been listed with other details that could lead to your account being compromised.

IMO google locking the accounts is a good thing.  You can't have icing on both sides of your cake.

https://bitcoinmonkey.com/images/btcmonkey_ub.png
Join https://www.bitcoinmonkey.com mining pool!  0% Fees for life, LP, super low stales, API, SSL (with a real cert!), growing fast!
Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
June 20, 2011, 12:27:20 AM
 #51

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.

HAHA such a load of cocktardism, they effectively did a huge favour/service for everyone but you would find some sort of problem with it and badmouth the shit out of them.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
aral
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 20, 2011, 12:29:54 AM
 #52

I got it too, and I use a completely different (and stronger) password for Gmail than my password from MtGox. Gmail's logs show no access from unusual IPs, so I assume somebody was just trying to use my MtGox password on Gmail.

Or maybe google have just been on the fucking ball on this.  I use a different password on google. I've just been made to change it though. Now I'm gonna have to change the password on a lot of other sites too.  Fucking great work guys.

Get fucked mtgox, this is massively damaging to bitcoin and frankly, inexcusable incompetence.  
done
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 20, 2011, 12:31:39 AM
 #53

I find it to be quite interesting that government run gmail was so quick to react to this situation
Basiley
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 20, 2011, 12:33:53 AM
 #54

same shit.
but what interesting, not only mtgox account-related e-mail was compromised, but e-mail, related to THIS forum, was too.
in result of e-mail-related leakage, some people, make some phonecalls[in Russian lang], in terms, related to e-mail[pretend to b careful/cunning ?].for anyone related to law Russian enforcement, can provide phone numbers.
scooter
Member
**
Offline Offline

Activity: 100
Merit: 10


View Profile
June 20, 2011, 12:35:53 AM
 #55

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.

I feel completely different. Forcing a password change only takes a few seconds. Just because YOU didnt use the same password elsewhere means that you are only one of the 25% who do that.. 75% of people share the same password everywhere.
This means that if google knows there is a big password breech by NOT forcing a password change they are knowingly letting people have their accounts compromised and could probably even get set up for a nasty lawsuit.

elelegzet
Hero Member
*****
Offline Offline

Activity: 749
Merit: 501


🌟 COMSA ICO: 10/02/17 🌟


View Profile
June 20, 2011, 12:39:35 AM
 #56

 No more MtGOX for 3 weeks Smiley. Hope that TH will stand this mass migration wave (two hours ago it was hot as hell and as fast as snail because of overload).
 BTW, I didn't receive any messages or notifications from Google as far as my account was compromised as well. Am I doing something wrong  Tongue? So, probably Gmail is smart enough to mention that I've changed my password just after seen strange activities on Mtgox recently (ten minutes before the final crush)...  


                               ,,,,╓╖µpp╖╖,,,,
                         ,╓g▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄µ╖          ,╖
                     ,╓@▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓Ñ╖    ,@▓▌
                  ,á▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓µ╫▓▓▓▌
                ╓@▓▓▓▓▓▓▓▓▓█▓▀╜╙            '╙▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
              ╓▓▓▓▓▓▓▓▓█▓▀`                       ╙▀▓▓▓███████▌
             @▓▓▓▓▓▓▓█▀`            ,,,,,         ,g▓███████▀`
           ╓▓▓▓▓▓▓██▀         ,µ▄▓▓▓▓▓▓▓█▓▓▓▄@, ,@▓███████▀
          ]▓▓▓▓███▓`       ╓▄▓█▓▓▓▓▓▓▓▓▓▓▓█████████████▓╜
         ]▓▓▓▓█▓█╝       ╓▓█████▓▓▓▓▓▓▓▓▓████████████▀╜
         ▓▓▓▓███▌       ╙▓███████▓▒       "▀▓██████▀`
        ╫▓▓▓███▌          "▀████████▄        '▓██▀
        ▓█▓███▓▒            `▀████████▄,       `
       ]▓█████▌                ╙████████▓,
       ]▓█████▌                  ╙▓█▓█▓▓▓█▓╖
       ]▓█████▌                    ╙▀█▓▓▓▓▓▓▓╖
        ▓█████▓[            ,,       `▀▓▓▓▓▓▓▓▓▄
        ▓██████[            ╓@        ╙▓▓▓▓▓▓▓▓▓╖
        ╠██████▓          ╓▓▓▓▓m        ╙▓█▓▓▓▓▓█▓@
         ▓█████╜       ,g▓▓▓▓▓▓▓▓▓▄╖╖,,,╓╖▓▓██▓▓▓▓▓▓
         └▓█▓╜       ,@▓▓▓▓▓▓▓▓▓▓▓▓████████████▓▓█▀
          '"       ╓@▓▓▓▓▓▓▓▓▀▓▓▓▓█████████████▀╙        ,
                 ╓▓▓▓▓▓▓▓▓▓╜    ╙▀▀▀▀▓▓▓▀▀▀▀╜          ╓▓▓▓╖
               g▓█▓▓▓▓▓▓▓`                          ,g▓▓▓▓▓▓▓w
            ,g▓██████████▓▄,                    ,╓@▓▓█▓▓▓█▓██╜
            ▓████████████████▓▄▄p╖,,     ,,╓µ▄▄▓██████████▓╜
            ▓█████╜╙▀███████████████████████████████████▀`
            ▓██▓╜     "▀▀███████████████████████████▀╜`
            ▓▀`            ╙▀▀▀███████████████▀▀▀"
. COMSA
ICO: Oct 2 - Nov 6
█████
▄▄▄
███
███
▀▀▀
███
███
███
▀▀▀
███
███
███
█████
█████
▄▄▄▄▄
█████
█████
▀▀▀▀▀
█████
█████
█████
▀▀▀▀▀
█████
█████
█████
█████
Ramokk
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
June 20, 2011, 12:43:35 AM
 #57

I appreciate that Google is being proactive on this.

One question, though...I noticed it because my phone couldn't connect to e-mail.  When I logged in from the web site, it told me about the "suspicious activity" and had me change my password.  Had I not noticed and done this, and had someone hacked my password (not possible, since I didn't use the same password for MtGox as I did on Gmail, both were independently generated random strings), wouldn't they have just gotten to pick my "new" Gmail password when they logged in with the old one?
CorruptDropbear
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
June 20, 2011, 12:44:01 AM
Last edit: June 20, 2011, 01:10:21 AM by CorruptDropbear
 #58

I can't log back into my account after changing my password.  Undecided  Thanks for Google recognizing that my account may be breached (I'm pretty sure it is, I'm having trouble logging into Facebook). Sent a "stolen account" inquiry, hopefully I'll get my account back. Oddly enough, due to cookies I can still sign into YouTube.  Grin


EDIT: And after all this time I work out that the password leaked is the one that I made using KeePass, not my "ehh put in a password" password. Yay! I think.
AllYourBase
Full Member
***
Offline Offline

Activity: 138
Merit: 100


View Profile
June 20, 2011, 01:17:26 AM
 #59

I use gmail for some things, but luckily not for this.  If I did, I'd be super pissed at Google right now.  I use different passwords at different sites, so there'd be zero chance of a hacker getting into my gmail account because of knowing a hash of my mtgox password.  The inconvenience and condescending nature of involuntarily locking my account when I am fully aware it won't be compromised is monumental.  Plus, it's freakin' creepy.  Every day I like gmail less and less.

I feel completely different. Forcing a password change only takes a few seconds. Just because YOU didnt use the same password elsewhere means that you are only one of the 25% who do that.. 75% of people share the same password everywhere.
This means that if google knows there is a big password breech by NOT forcing a password change they are knowingly letting people have their accounts compromised and could probably even get set up for a nasty lawsuit.


Well you're probably right that 75% or more of people reuse passwords across sites.  However, I resent suffering just because a bunch of people have the same locks on their house, car, and work, and hung their keys up on the outside of their cubicle.  I guess gmail is just for people who need the hand holding since they are too lazy to use basic security.   
nereer
Member
**
Offline Offline

Activity: 84
Merit: 10


Why settle for the lesser evil?


View Profile
June 20, 2011, 01:33:14 AM
 #60

I would just like to say thanks to Mike and the google people for doing this. I didn't have the same password for google, so I was fine but I am glad you had the sense to take the necessary steps to mitigate the danger of a wider breach.

edit: oh and super pissed with mtgox right now. what kind of a dog and pony show are they running over there?

If you agree that Bitcoin needs a dedicated Q & A site please sign up for the Bitcoin StackExchange site!
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!