Bitcoin Forum
November 09, 2024, 05:40:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Hacker Had Access for 3 Days?!  (Read 3619 times)
Shinobi (OP)
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
June 19, 2011, 09:48:23 PM
 #1

According to @sirus on Twitter:

"hacker asking for hash cracks from the mtgox user db since the 16th had access for at least 3 days: http://t.co/c8FEfAu"





_______
Thinking of using a cheap, yet reliable VPN? Go with PrivateInternetAccess. Not a referral link. Just a satisfied customer!
bitcoinconnection
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 19, 2011, 09:54:32 PM
 #2

I wonder how much damage has been done. Maybe we will find out tomorrow?






Lookie Here 1MXgbEABic6Up7e3SzHrmkdQTTSRpuUAxY

Get 10% discount for Life and up to 5% for referral
BitcoinConnection.com for the latest news on Bitcoins
Durr
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 19, 2011, 09:56:03 PM
 #3

Sucks for all those that got hacked anyway. It won't get rollbacked 3 days will it? Nope.
Bit_Happy
Legendary
*
Offline Offline

Activity: 2114
Merit: 1040


A Great Time to Start Something!


View Profile
June 19, 2011, 09:57:44 PM
 #4

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...

EconomicOracle
Member
**
Offline Offline

Activity: 71
Merit: 10

I can predict the future! Bitcoin will success!!!!


View Profile
June 19, 2011, 09:58:33 PM
 #5

So it was George Clooney all along. You'd think he has more money than he needs. But I guess not...

GOOOOOOOOOOO BITCOINS!!!!!!!!!!!!!!!
Edit: Oops. Just fixed a typo. It should be GO (like GO TEAM!) and not GOOB
Edit2: Just checked the dictionary and goob is not a word
MyFarm
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1000


View Profile
June 19, 2011, 10:00:08 PM
 #6

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
detroit
Member
**
Offline Offline

Activity: 69
Merit: 10


View Profile
June 19, 2011, 10:01:59 PM
 #7

Where's that?

Tradehill.com referral code: TH-R1494
Please consider using it if I've said something useful!
dust
Hero Member
*****
Offline Offline

Activity: 840
Merit: 1000



View Profile WWW
June 19, 2011, 10:03:54 PM
 #8

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
Source?  I find this hard to believe.  I have only seen a file with around ~400 passwords cracked (only the few that were using unsalted md5)

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1311



View Profile
June 19, 2011, 10:04:35 PM
 #9

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

Link to it please.  I'd really like to see if they got my password right.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
Bit_Happy
Legendary
*
Offline Offline

Activity: 2114
Merit: 1040


A Great Time to Start Something!


View Profile
June 19, 2011, 10:05:23 PM
 #10

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

BS
Source?
Proof?

tito13kfm
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 19, 2011, 10:05:47 PM
 #11

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.

The vast majority of unsafe passwords are certainly cracked.  Not all of them have been.  It's simply not feasible to crack mine in any reasonable length of time.
speeder
Hero Member
*****
Offline Offline

Activity: 994
Merit: 501


PredX - AI-Powered Prediction Market


View Profile
June 19, 2011, 10:06:45 PM
 #12

Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

Uzza
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
June 19, 2011, 10:25:20 PM
Last edit: June 19, 2011, 11:05:57 PM by Uzza
 #13

I find it hard to believe they brute-forced my password, along with all the rest, as it is long and secure.
A good password should be at least 15 alphanumeric characters, which at 1 billion comparisons a seconds takes 7 million years to test all combinations. It would take a humongous amount of computing power to crack that in a few days, even if you split it up amongst tens of millions of machines.
And that's just for one 15 character length password, and each character adds 36 times the number of combinations.
If you're using non-alphanumeric characters, like @,$ etc it takes exponentially longer to crack.
tito13kfm
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 19, 2011, 10:56:00 PM
 #14

The funny/scary part about this.  Until 3 days ago my mtgox password was short and easy to crack (9 characters, dict word+numbers).  I don't know why I changed it.. I just did.  This DB leak is from after that password change.  I can verify that my new password + listed salt md5'd is the hash listed.

It had to be from 56 hours ago or sooner.  I installed google chrome after the CSRF scare, and the first thing I did with it was change my password.  This was exactly 56 hours ago.
DeiBellum
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
June 19, 2011, 11:01:06 PM
 #15

Well, a 10length password (mix alpha-num-special) @ 33.1 BPS (Billion passwords a second) will take 226 hrs on 1000 machines running my password. ALSO, to get this speed, each machine needs 4 ATI 5970's.

I think mine is safe for a while.
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
June 19, 2011, 11:15:06 PM
 #16

Someone PMed me my two passwords.

Both were salted, and both were long and a mix of nondict words with numbers.

This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or the quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PHD in mathematics.

Do you use the same passwords on any other sites?

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
mr-sk
Member
**
Offline Offline

Activity: 117
Merit: 10


View Profile
June 19, 2011, 11:50:07 PM
 #17

Quote
This simply isn't possible to have happened because of the leaked password file.  If someone found a way to reverse md5_crypt, or the quickly search the keyspace for non-trivial passwords, they would use it to make some real money, or maybe earn their PHD in mathematics.

Do you use the same passwords on any other sites?

If md5 is broke the planet would implode. heh. Yeah, I don't think anyone cracked your one-way hashed number+non-dict password. I call impossible.

Telegram
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
June 19, 2011, 11:55:39 PM
 #18

Secure hashes cannot be cracked. You cannot login with the info being spread on Rapidshare.
The trolls are back in town...
There is already a file going around with every email and plain text password.  They have ALL already been cracked.
I call lies.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!