Bitcoin Forum
November 19, 2017, 02:41:20 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: My Account was hacked too  (Read 1673 times)
ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 03:15:04 PM
 #1

My account StewieG https://bitcointalk.org/index.php?action=profile;u=133434 was hacked, the hacker even changed the Avatar. Is this a coincident that there is another thread where someones account was hacked? My guess is that the attacker got the password from the bitcointalk hack.
I had a BTC address on it which was now deleted by the attacker, the address is a few years old and was attached to my account for years. If you can tell me the address, because I don't remember it, I can find the key to it and sign a message. Would I then be able to recover the account?  PLZ help
1511102480
Hero Member
*
Offline Offline

Posts: 1511102480

View Profile Personal Message (Offline)

Ignore
1511102480
Reply with quote  #2

1511102480
Report to moderator
1511102480
Hero Member
*
Offline Offline

Posts: 1511102480

View Profile Personal Message (Offline)

Ignore
1511102480
Reply with quote  #2

1511102480
Report to moderator
1511102480
Hero Member
*
Offline Offline

Posts: 1511102480

View Profile Personal Message (Offline)

Ignore
1511102480
Reply with quote  #2

1511102480
Report to moderator
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511102480
Hero Member
*
Offline Offline

Posts: 1511102480

View Profile Personal Message (Offline)

Ignore
1511102480
Reply with quote  #2

1511102480
Report to moderator
hilariousetc
Hero Member
*****
Offline Offline

Activity: 672


Need a Campaign Manager? --> https://goo.gl/RCaXQk


View Profile
August 10, 2017, 03:40:35 PM
 #2

Contact theymos or Cyrus. They can restore deleted posts so if you can still sign a message from the address you should be fine.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 04:00:15 PM
 #3

Contact theymos or Cyrus. They can restore deleted posts so if you can still sign a message from the address you should be fine.

I contacted theymos and also contacted Cyrus now, thanks.
ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 04:37:16 PM
 #4

Okay here is proof of the address I had on my profile:

https://web.archive.org/web/20170114091900/https://bitcointalk.org/index.php?action=profile;u=133434

I have had it there for years as you can see. I will try to find the key to the address and post a signature here. I hope an admin can reset my password then... Until now no admin replied to my messages.  Undecided
ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 06:03:27 PM
 #5

I have found my key, is there any admin I can talk to? Until now no admin answered me.
DreamweaverVCC
Member
**
Offline Offline

Activity: 109


View Profile
August 10, 2017, 06:59:03 PM
 #6

same too :/ my account got hacked too :/ Username : jylee1997123

1FEDiK5X9KyZdyNm3PNsWe75igypiY79df
TetraFugolini
Member
**
Offline Offline

Activity: 77

Linux Geek


View Profile
August 10, 2017, 07:10:43 PM
 #7

Hello guys, how did your accounts get hacked? Sorry for your loss, I hope everything gets resolved quickly.
ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 07:32:12 PM
 #8

Question, bitcointalk got hacked in 2015. Did you guys change your password afterwards? I am not sure if I did... Maybe I did not.
But still, as far as I can see the passwords were hashed with sha256 and my password is not exactly easily guessable and was 17 characters long. So I kind of doubt someone cracked the password.... So how did he get my account? I am 100% sure my computer is not infected with any kind of malware.
Also I can see my avatar was changed and my personal infos like signature and BTC address was deleted. I am not sure what to make of it but I would rather say this was a personal attack as I have made some enemies here. Still I am not sure how my account got hacked. Also theymos is not answering on my request to change my email so I can recover my account.
Maybe he can tell me if there were multiple login tries into my account. Also the ip address used for the login of the attacker would be helpful, maybe in case they save the html header we can find out if the attacker is using an automated script or not. The user agent would be at least an indicator for how he is doing it.
Update: My password does not appear to have been reused somewhere else according to https://haveibeenpwned.com/Passwords
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 08:10:38 PM
 #9

You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff.

hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822  can recover your account I believe.

Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 08:15:12 PM
 #10

You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff.

hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822  can recover your account I believe.

Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked.

I did that already, so far I have not received a reply. I really want to figure out how this happened. This is so strange... I almost suspect someone on the forum with higher privileges changed my account. I am not saying this is what happened but this is the most likely explanation I can come up with right now.
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 08:21:41 PM
 #11

You need to sign a message from your old btc address you did have on your profile from a long time. Sign a message through your wallet and contact some forum administration staff.

hilariousandco https://bitcointalk.org/index.php?action=profile;u=164822  can recover your account I believe.

Theymos is too busy and recovering accounts is not one of his priorities he has explained before. Sorry that your account got hacked.

I did that already, so far I have not received a reply. I really want to figure out how this happened. This is so strange... I almost suspect someone on the forum with higher privileges changed my account. I am not saying this is what happened but this is the most likely explanation I can come up with right now.

That is highly unlikely that someone with higher privileges changed your account, that has never happened before. Post here the message and signature you signed from your wallet and then contact hilariousandco like I said above. I am not seeing any signed message here from the address you say you had from a long time.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 08:29:57 PM
 #12

This is the message i sent to hilariousandco :
---------------------------------------------------------------------------------------------------------

Hey man I see you are online and I have an urgent request. My account got hacked and I created this thread: https://bitcointalk.org/index.php?topic=2078374.0

I already sent this message to theymos but he is not responding:
------------------------------------------------
My account StewieG has been hacked/lost. Please reset the email to xxxx The current date is 10.08.2017

I have signed the text above with the following key.
Address:
19YnGfADyDQpzVHTjR5Zh1uL8uhSfiofU7

Signature:
xxx

The Address was listed on my account for years and has only been changed after my account was hacked yesterday or today. You can find the proof that I had attached the address to my account here:
https://web.archive.org/web/20140406104608/https://bitcointalk.org/index.php?action=profile;u=133434

------------------------------------------------

Please recover my account or help me out somehow, it is really urgent
------------------------------------------------------------------------------------------------------------

I edited the email and signature due to privacy concerns, here is a valid signature with the same key:

Text: https://bitcointalk.org/index.php?topic=2078374.msg20770023#msg20770023
Signature: IK9zdz9a5ie3MV7bBYqcBA/ZUs98W5FXLrm14EjrGhpRbGzXWQlg7rTGCEpsrUT8iwk/UwDaioao9yOWPXo4+jU=
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 08:35:39 PM
 #13

If the signed message is correct you just have to wait now and hope for the best. I am sure the forum administration will help anyone in your position as long as they can sign a message from an old and staked address of theirs.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 08:42:07 PM
 #14

Rcovering the account is not even my main priority. I want to know how the attacker got control over it. Since I doubt my computer is infected and I only login via one computer this is a pretty scary situation. So yeah I would need the cooperation of an admin in order to find out how this happened.
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 08:46:05 PM
 #15

Rcovering the account is not even my main priority. I want to know how the attacker got control over it. Since I doubt my computer is infected and I only login via one computer this is a pretty scary situation. So yeah I would need the cooperation of an admin in order to find out how this happened.

I am afraid the forum administration can only help you to recover your account and it is out of their control to help you find out how your account got hacked. Probably it was when the database of the forum was hacked about 2 years ago. Based on your facts that your PC is clean and you log in via only one computer it is the leaked database of the forum that made your account hacked, this database was being sold in the dark web, accessible through TOR browser in different black markets there.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 08:51:29 PM
 #16

Yes but the password was 17 char long and the password was sha256 hashed and I don't think the attacker cracked it, at least it is not likely.... The admin could tell me if the attacker knew the password and just logged in, he could give the ip addresses of the attacker and he could look if the account was overtaken by the password recovery function. Then I would if the attacker maybe has access to the email address or if he knew the secret recovery question/answer...
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 08:55:01 PM
 #17

Yes but the password was 17 char long and the password was sha256 hashed and I don't think the attacker cracked it, at least it is not likely.... The admin could tell me if the attacker knew the password and just logged in, he could give the ip addresses of the attacker and he could look if the account was overtaken by the password recovery function. Then I would if the attacker maybe has access to the email address or if he knew the secret recovery question/answer...

You are not understanding. That leaked database was sold several times on darkweb, it had all the passwords exposed so the guy who hacked your account probably bought that list in the darkweb. He didn't need anything to crack, he got the password from the list, he just logged in into your account and changed email password and everything. This happened to many accounts but they were recovered with a signed message.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 09:00:55 PM
 #18

The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful.

And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"?  Huh
BitcoinSupremo
Hero Member
*****
Offline Offline

Activity: 658


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
August 10, 2017, 09:06:37 PM
 #19

The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful.

And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"?  Huh

Yes it was in cleartext, thats what a leaked database means. Admin has no responsibility for your account, only you are responsible for your account and for safeguarding it. The database is from long gone now but you might give a shot and try to search in the black markets using TOR browser (for how to do that use google ,it is very long for me to explain it to you here).

Its past 11 pm here in Italy so I am going to sleep. Take your time and be patient.

ShakeIt
Newbie
*
Offline Offline

Activity: 21


View Profile
August 10, 2017, 09:14:41 PM
 #20

The passwords were in cleartext?! WTF?! Okay still the admin could tell me if I changed my password after the hack occured. If you could pm me where I can find the database so I can lookup if the password is exposed or not and still the same, i would be thankful.

And the ipaddress would be nice to have, also the http header on login if available. Funny thing is the attacker changed the avatar. It shows part of the mad hatter hat now. Anybody else has seen this behaviour before? Has this any meaning? Is this his "signature"?  Huh

Yes it was in cleartext, thats what a leaked database means. Admin has no responsibility for your account, only you are responsible for your account and for safeguarding it. The database is from long gone now but you might give a shot and try to search in the black markets using TOR browser (for how to do that use google ,it is very long for me to explain it to you here).

Its past 11 pm here in Italy so I am going to sleep. Take your time and be patient.

A leaked database doesn't necessarily mean that the passwords are in cleartext, it only means that the Database is leaked. Normally the passwords are hashed and you need to crack them first. Just FYI^^ Good night and thx for support.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!