Bitcoin Forum
December 05, 2016, 08:55:21 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Hacker Had Access for 3 Days?!  (Read 3383 times)
Shinobi
Full Member
***
Offline Offline

Activity: 196


View Profile
June 19, 2011, 09:48:23 PM
 #1

According to @sirus on Twitter:

"hacker asking for hash cracks from the mtgox user db since the 16th had access for at least 3 days: http://t.co/c8FEfAu"





_______
Thinking of using a cheap, yet reliable VPN? Go with PrivateInternetAccess. Not a referral link. Just a satisfied customer!
1480971321
Hero Member
*
Offline Offline

Posts: 1480971321

View Profile Personal Message (Offline)

Ignore
1480971321
Reply with quote  #2

1480971321
Report to moderator
1480971321
Hero Member
*
Offline Offline

Posts: 1480971321

View Profile Personal Message (Offline)

Ignore
1480971321
Reply with quote  #2

1480971321
Report to moderator
1480971321
Hero Member
*
Offline Offline

Posts: 1480971321

View Profile Personal Message (Offline)

Ignore
1480971321
Reply with quote  #2

1480971321
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480971321
Hero Member
*
Offline Offline

Posts: 1480971321

View Profile Personal Message (Offline)

Ignore
1480971321
Reply with quote  #2

1480971321
Report to moderator
bitcoinconnection
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 19, 2011, 09:54:32 PM
 #2

I wonder how much damage has been done. Maybe we will find out tomorrow?






Lookie Here 1MXgbEABic6Up7e3SzHrmkdQTTSRpuUAxY

Get 10% discount for Life and up to 5% for referral
BitcoinConnection.com for the latest news on Bitcoins
Durr
Newbie
*
Offline Offline

Activity: 28


View Profile
June 19, 2011, 09:56:03 PM
 #3

Sucks for all those that got hacked anyway. It won't get rollbacked 3 days will it? Nope.

Help this puppy survive: http://larrycorreia.files.wordpress.com/2011/06/mr-snuggles.jpg

Donate to 1Gvzk3L3oLjeK5m6y4B82kFvLEZbqQnUWs
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 09:57:44 PM
 #4

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
EconomicOracle
Member
**
Offline Offline

Activity: 71

I can predict the future! Bitcoin will success!!!!


View Profile
June 19, 2011, 09:58:33 PM
 #5

So it was George Clooney all along. You'd think he has more money than he needs. But I guess not...

GOOOOOOOOOOO BITCOINS!!!!!!!!!!!!!!!
Edit: Oops. Just fixed a typo. It should be GO (like GO TEAM!) and not GOOB
Edit2: Just checked the dictionary and goob is not a word
MyFarm
Hero Member
*****
Offline Offline

Activity: 840


View Profile
June 19, 2011, 10:00:08 PM
 #6

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
detroit
Member
**
Offline Offline

Activity: 70


View Profile
June 19, 2011, 10:01:59 PM
 #7

Where's that?

Tradehill.com referral code: TH-R1494
Please consider using it if I've said something useful!
dust
Hero Member
*****
Offline Offline

Activity: 840



View Profile WWW
June 19, 2011, 10:03:54 PM
 #8

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
Source?  I find this hard to believe.  I have only seen a file with around ~400 passwords cracked (only the few that were using unsalted md5)

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
June 19, 2011, 10:04:35 PM
 #9

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

Link to it please.  I'd really like to see if they got my password right.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 10:05:23 PM
 #10

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

BS
Source?
Proof?

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
tito13kfm
Jr. Member
*
Offline Offline

Activity: 42



View Profile
June 19, 2011, 10:05:47 PM
 #11

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

The vast majority of unsafe passwords are certainly cracked.  Not all of them have been.  It's simply not feasible to crack mine in any reasonable length of time.

speeder
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 19, 2011, 10:06:45 PM
 #12

Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

Uzza
Jr. Member
*
Offline Offline

Activity: 35


View Profile
June 19, 2011, 10:25:20 PM
 #13

I find it hard to believe they brute-forced my password, along with all the rest, as it is long and secure.
A good password should be at least 15 alphanumeric characters, which at 1 billion comparisons a seconds takes 7 million years to test all combinations. It would take a humongous amount of computing power to crack that in a few days, even if you split it up amongst tens of millions of machines.
And that's just for one 15 character length password, and each character adds 36 times the number of combinations.
If you're using non-alphanumeric characters, like @,$ etc it takes exponentially longer to crack.

Bitcoin Address: 1NuGyFgVsNk3pcbUcExvqhHxtLY6QTyHUd
tito13kfm
Jr. Member
*
Offline Offline

Activity: 42



View Profile
June 19, 2011, 10:56:00 PM
 #14

The funny/scary part about this.  Until 3 days ago my mtgox password was short and easy to crack (9 characters, dict word+numbers).  I don't know why I changed it.. I just did.  This DB leak is from after that password change.  I can verify that my new password + listed salt md5'd is the hash listed.

It had to be from 56 hours ago or sooner.  I installed google chrome after the CSRF scare, and the first thing I did with it was change my password.  This was exactly 56 hours ago.

DeiBellum
Newbie
*
Offline Offline

Activity: 22


View Profile
June 19, 2011, 11:01:06 PM
 #15

Well, a 10length password (mix alpha-num-special) @ 33.1 BPS (Billion passwords a second) will take 226 hrs on 1000 machines running my password. ALSO, to get this speed, each machine needs 4 ATI 5970's.

I think mine is safe for a while.

If you like what I have posted please donate Smiley
1J5cNFGrTZPAWXhGDDkESWRQwtR5k5KbLw
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
June 19, 2011, 11:15:06 PM
 #16

Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or the quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PHD in mathematics.

Do you use the same passwords on any other sites?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
mr-sk
Member
**
Offline Offline

Activity: 67



View Profile WWW
June 19, 2011, 11:50:07 PM
 #17

Quote
This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or the quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PHD in mathematics.

Do you use the same passwords on any other sites?

If md5 is broke the planet would implode. heh. Yeah, I don't think anyone cracked your one-way hashed number+non-dict password. I call impossible.

Botcoin - An Open Source PHP Bitcoin bot for retrieving market data.
Enjoy it, please donate: 1K2JWmpd75ehXxco1SWtGLaceQsRytpyEv
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
June 19, 2011, 11:55:39 PM
 #18

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
I call lies.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!