ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 03:15:04 PM |
|
My account StewieG https://bitcointalk.org/index.php?action=profile;u=133434 was hacked, the hacker even changed the Avatar. Is this a coincident that there is another thread where someones account was hacked? My guess is that the attacker got the password from the bitcointalk hack. I had a BTC address on it which was now deleted by the attacker, the address is a few years old and was attached to my account for years. If you can tell me the address, because I don't remember it, I can find the key to it and sign a message. Would I then be able to recover the account? PLZ help
|
|
|
|
hilariousetc
Legendary
Offline
Activity: 2912
Merit: 3050
Join the world-leading crypto sportsbook NOW!
|
|
August 10, 2017, 03:40:35 PM |
|
Contact theymos or Cyrus. They can restore deleted posts so if you can still sign a message from the address you should be fine.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 04:00:15 PM |
|
Contact theymos or Cyrus. They can restore deleted posts so if you can still sign a message from the address you should be fine.
I contacted theymos and also contacted Cyrus now, thanks.
|
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 06:03:27 PM |
|
I have found my key, is there any admin I can talk to? Until now no admin answered me.
|
|
|
|
DreamweaverVCC
Jr. Member
Offline
Activity: 56
Merit: 10
|
|
August 10, 2017, 06:59:03 PM |
|
same too :/ my account got hacked too :/ Username : jylee1997123
|
|
|
|
TetraFugolini
Member
Offline
Activity: 78
Merit: 10
Linux Geek
|
|
August 10, 2017, 07:10:43 PM |
|
Hello guys, how did your accounts get hacked? Sorry for your loss, I hope everything gets resolved quickly.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 07:32:12 PM Last edit: August 10, 2017, 08:09:46 PM by ShakeIt |
|
Question, bitcointalk got hacked in 2015. Did you guys change your password afterwards? I am not sure if I did... Maybe I did not. But still, as far as I can see the passwords were hashed with sha256 and my password is not exactly easily guessable and was 17 characters long. So I kind of doubt someone cracked the password.... So how did he get my account? I am 100% sure my computer is not infected with any kind of malware. Also I can see my avatar was changed and my personal infos like signature and BTC address was deleted. I am not sure what to make of it but I would rather say this was a personal attack as I have made some enemies here. Still I am not sure how my account got hacked. Also theymos is not answering on my request to change my email so I can recover my account. Maybe he can tell me if there were multiple login tries into my account. Also the ip address used for the login of the attacker would be helpful, maybe in case they save the html header we can find out if the attacker is using an automated script or not. The user agent would be at least an indicator for how he is doing it. Update: My password does not appear to have been reused somewhere else according to https://haveibeenpwned.com/Passwords
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 08:10:38 PM |
|
You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff. hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822 can recover your account I believe. Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 08:15:12 PM |
|
You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff. hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822 can recover your account I believe. Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked. I did that already, so far I have not received a reply. I really want to figure out how this happened. This is so strange... I almost suspect someone on the forum with higher privileges changed my account. I am not saying this is what happened but this is the most likely explanation I can come up with right now.
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 08:21:41 PM |
|
You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff. hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822 can recover your account I believe. Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked. I did that already, so far I have not received a reply. I really want to figure out how this happened. This is so strange... I almost suspect someone on the forum with higher privileges changed my account. I am not saying this is what happened but this is the most likely explanation I can come up with right now. That is highly unlikely that someone with higher privileges changed your account, that has never happened before. Post here the message and signature you signed from your wallet and then contact hilariousandco like I said above. I am not seeing any signed message here from the address you say you had from a long time.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 08:29:57 PM |
|
This is the message i sent to hilariousandco : --------------------------------------------------------------------------------------------------------- Hey man I see you are online and I have an urgent request. My account got hacked and I created this thread: https://bitcointalk.org/index.php?topic=2078374.0I already sent this message to theymos but he is not responding: ------------------------------------------------ My account StewieG has been hacked/lost. Please reset the email to xxxx The current date is 10.08.2017 I have signed the text above with the following key. Address: 19YnGfADyDQpzVHTjR5Zh1uL8uhSfiofU7 Signature: xxx The Address was listed on my account for years and has only been changed after my account was hacked yesterday or today. You can find the proof that I had attached the address to my account here: https://web.archive.org/web/20140406104608/https://bitcointalk.org/index.php?action=profile;u=133434------------------------------------------------ Please recover my account or help me out somehow, it is really urgent ------------------------------------------------------------------------------------------------------------ I edited the email and signature due to privacy concerns, here is a valid signature with the same key: Text: https://bitcointalk.org/index.php?topic=2078374.msg20770023#msg20770023Signature: IK9zdz9a5ie3MV7bBYqcBA/ZUs98W5FXLrm14EjrGhpRbGzXWQlg7rTGCEpsrUT8iwk/UwDaioao9yOWPXo4+jU=
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 08:35:39 PM |
|
If the signed message is correct you just have to wait now and hope for the best. I am sure the forum administration will help anyone in your position as long as they can sign a message from an old and staked address of theirs.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 08:42:07 PM |
|
Rcovering the account is not even my main priority. I want to know how the attacker got control over it. Since I doubt my computer is infected and I only login via one computer this is a pretty scary situation. So yeah I would need the cooperation of an admin in order to find out how this happened.
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 08:46:05 PM |
|
Rcovering the account is not even my main priority. I want to know how the attacker got control over it. Since I doubt my computer is infected and I only login via one computer this is a pretty scary situation. So yeah I would need the cooperation of an admin in order to find out how this happened.
I am afraid the forum administration can only help you to recover your account and it is out of their control to help you find out how your account got hacked. Probably it was when the database of the forum was hacked about 2 years ago. Based on your facts that your PC is clean and you log in via only one computer it is the leaked database of the forum that made your account hacked, this database was being sold in the dark web, accessible through TOR browser in different black markets there.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 08:51:29 PM |
|
Yes but the password was 17 char long and the password was sha256 hashed and I don't think the attacker cracked it, at least it is not likely.... The admin could tell me if the attacker knew the password and just logged in, he could give the ip addresses of the attacker and he could look if the account was overtaken by the password recovery function. Then I would if the attacker maybe has access to the email address or if he knew the secret recovery question/answer...
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 08:55:01 PM |
|
Yes but the password was 17 char long and the password was sha256 hashed and I don't think the attacker cracked it, at least it is not likely.... The admin could tell me if the attacker knew the password and just logged in, he could give the ip addresses of the attacker and he could look if the account was overtaken by the password recovery function. Then I would if the attacker maybe has access to the email address or if he knew the secret recovery question/answer...
You are not understanding. That leaked database was sold several times on darkweb, it had all the passwords exposed so the guy who hacked your account probably bought that list in the darkweb. He didn't need anything to crack, he got the password from the list, he just logged in into your account and changed email password and everything. This happened to many accounts but they were recovered with a signed message.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 09:00:55 PM |
|
The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful. And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"?
|
|
|
|
BitcoinSupremo
|
|
August 10, 2017, 09:06:37 PM |
|
The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful. And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"? Yes it was in cleartext, thats what a leaked database means. Admin has no responsibility for your account, only you are responsible for your account and for safeguarding it. The database is from long gone now but you might give a shot and try to search in the black markets using TOR browser (for how to do that use google ,it is very long for me to explain it to you here). Its past 11 pm here in Italy so I am going to sleep. Take your time and be patient.
|
|
|
|
ShakeIt (OP)
Newbie
Offline
Activity: 21
Merit: 0
|
|
August 10, 2017, 09:14:41 PM |
|
The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful. And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"? Yes it was in cleartext, thats what a leaked database means. Admin has no responsibility for your account, only you are responsible for your account and for safeguarding it. The database is from long gone now but you might give a shot and try to search in the black markets using TOR browser (for how to do that use google ,it is very long for me to explain it to you here). Its past 11 pm here in Italy so I am going to sleep. Take your time and be patient. A leaked database doesn't necessarily mean that the passwords are in cleartext, it only means that the Database is leaked. Normally the passwords are hashed and you need to crack them first. Just FYI^^ Good night and thx for support.
|
|
|
|
|