Bitcoin Forum
November 19, 2024, 10:44:49 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Bitmain Hacked - Change all your gambling site passwords  (Read 2155 times)
BitcoinSupremo
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
August 23, 2017, 04:19:33 PM
 #21

Like we say in Italy "Uomo avissato , mezzo salvato" , it means if a man is warned he is already half safe so it is great to share the information here. However I don't believe all the sites are hacked, I didn't received any email from coinbet24 which has become my new favorite sport book to change my password so far. Still I have a very unique password and although without 2fa there I still feel safe.
LuanX3
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505



View Profile
August 23, 2017, 05:09:02 PM
 #22

Apparently Bitmain got hacked a day or so ago and I am getting email alerts from different services and gambling sites that there was attempted unauthorized accesses.

Just like the Bitcointalk hack a few years back, these hackers are trying to gain access to any and all Bitcoin related services like exchanges, wallets and most likely also gambling sites.

So if you used the same password and had no 2FA enabled you are at risk...



Holy damn, I just read it here! This should have been all over the news on every bitcoin news outlet like coinbase, cointelegraph, etc. But why was it not there though?
Anyway, just for precaution, I am changing my passwords too on all my accounts. Better safe than sorry.
shezu007
Full Member
***
Offline Offline

Activity: 336
Merit: 121



View Profile
August 23, 2017, 06:41:07 PM
 #23

Like we say in Italy "Uomo avissato , mezzo salvato" , it means if a man is warned he is already half safe so it is great to share the information here. However I don't believe all the sites are hacked, I didn't received any email from coinbet24 which has become my new favorite sport book to change my password so far. Still I have a very unique password and although without 2fa there I still feel safe.

That's great to hear something from you i would like to say that thank you so much for that it's interesting to hear different words and let them remember in future good luck men for more kind of help.
iluvbitcoins
Legendary
*
Offline Offline

Activity: 2198
Merit: 1150


Freedom&Honor


View Profile
August 24, 2017, 11:45:00 AM
 #24

This is the reason why you guys need to start using password managers, every time something like this happens I read about people going to change their passwords, you know what, one day you won't stumble upon the news of something being hacked, you need to be prepared and have different passwords for each website you're using.

Since Betcoin.Ag got hacked and even my bitcointalk account go compromised, I will never again use the same password, it's so simple how someone can penetrate most of your assets if your security is based on the same bloody password.

Don't risk it, use a password manager!

Looking for a signature campaign.
poplolnman
Legendary
*
Offline Offline

Activity: 1442
Merit: 1008



View Profile
August 24, 2017, 03:35:51 PM
 #25

This is the reason why you guys need to start using password managers, every time something like this happens I read about people going to change their passwords, you know what, one day you won't stumble upon the news of something being hacked, you need to be prepared and have different passwords for each website you're using.

Since Betcoin.Ag got hacked and even my bitcointalk account go compromised, I will never again use the same password, it's so simple how someone can penetrate most of your assets if your security is based on the same bloody password.

Don't risk it, use a password manager!
yeah it's never be a good idea to have same password for all of your digital assets even you have set the strongest security system like two factor authentication. hacking could happened anytime. so you should reset your password periodically for better security especially when it comes to valueable stuff. prevention always better than waiting for something bad really happened.

I'm in 400,000 euros debt , dont help me , i rather die
shezu007
Full Member
***
Offline Offline

Activity: 336
Merit: 121



View Profile
August 24, 2017, 04:03:51 PM
 #26

This is the reason why you guys need to start using password managers, every time something like this happens I read about people going to change their passwords, you know what, one day you won't stumble upon the news of something being hacked, you need to be prepared and have different passwords for each website you're using.

Since Betcoin.Ag got hacked and even my bitcointalk account go compromised, I will never again use the same password, it's so simple how someone can penetrate most of your assets if your security is based on the same bloody password.

Don't risk it, use a password manager!
yeah it's never be a good idea to have same password for all of your digital assets even you have set the strongest security system like two factor authentication. hacking could happened anytime. so you should reset your password periodically for better security especially when it comes to valueable stuff. prevention always better than waiting for something bad really happened.

It's not good idea to have same password everywhere if you are hacked some where then hackers easily access to your other assets too so kindly careful.
iluvbitcoins
Legendary
*
Offline Offline

Activity: 2198
Merit: 1150


Freedom&Honor


View Profile
August 24, 2017, 06:32:21 PM
 #27

This is the reason why you guys need to start using password managers, every time something like this happens I read about people going to change their passwords, you know what, one day you won't stumble upon the news of something being hacked, you need to be prepared and have different passwords for each website you're using.

Since Betcoin.Ag got hacked and even my bitcointalk account go compromised, I will never again use the same password, it's so simple how someone can penetrate most of your assets if your security is based on the same bloody password.

Don't risk it, use a password manager!
yeah it's never be a good idea to have same password for all of your digital assets even you have set the strongest security system like two factor authentication. hacking could happened anytime. so you should reset your password periodically for better security especially when it comes to valueable stuff. prevention always better than waiting for something bad really happened.

It's not good idea to have same password everywhere if you are hacked some where then hackers easily access to your other assets too so kindly careful.

I'm actually glad that it happened to me, because I wouldn't learn otherwise until it's too late.

And others should learn too.

Don't store your passwords on your PC and copy-paste them, websites get hacked and data gets leaked, PCs get hacked too and data gets leaked.

A password manager is a must in todays world if you hold anything valuable on your laptop/PC, it gets a different 50-60 or any number of charachters passwords you want for all your accounts and you just need to memorize one good,strong password you never used before for your manager
+ 2FA and you're the safest gambler there exists Wink

Looking for a signature campaign.
adaseb (OP)
Legendary
*
Offline Offline

Activity: 3878
Merit: 1733


View Profile
August 24, 2017, 09:40:50 PM
 #28

Oh that is a big blow but I don't have any account there and also I have activated 2fa in almost all of my important accounts already so hope I will be in safe side  Grin

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users password when storing in their server than I think hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2fa codes? that'll happen only when one enables multi-device feature, one can always disable that feature and stay safe from sms/call based authy recovery.

Yes. Go to Authy website and read the FAQs. Its basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.

michkima
Hero Member
*****
Offline Offline

Activity: 896
Merit: 514


View Profile
August 25, 2017, 10:13:04 AM
 #29

Oh that is a big blow but I don't have any account there and also I have activated 2fa in almost all of my important accounts already so hope I will be in safe side  Grin

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users password when storing in their server than I think hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2fa codes? that'll happen only when one enables multi-device feature, one can always disable that feature and stay safe from sms/call based authy recovery.

Yes. Go to Authy website and read the FAQs. Its basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose right? What if your email was hacked then they can recover the 2FA for authy then they can hack everything connected to it.
I think the best way is to create a paper backup of the qr code of your 2FAs so that you can securely store them and no one else have access to it but you and
whatever authenticator you use.
LuanX3
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505



View Profile
August 25, 2017, 10:40:00 AM
 #30

Oh that is a big blow but I don't have any account there and also I have activated 2fa in almost all of my important accounts already so hope I will be in safe side  Grin

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users password when storing in their server than I think hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2fa codes? that'll happen only when one enables multi-device feature, one can always disable that feature and stay safe from sms/call based authy recovery.

Yes. Go to Authy website and read the FAQs. Its basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose right? What if your email was hacked then they can recover the 2FA for authy then they can hack everything connected to it.
I think the best way is to create a paper backup of the qr code of your 2FAs so that you can securely store them and no one else have access to it but you and
whatever authenticator you use.

The best security still is not just having 2fa but having a secure password. Everybody stop using the same passwords for everything, that is how the hackers are
able to hack accounts. Check out Masterpassword (it's really a generic name, I know, but that is what they chose). It's pretty awesome in my opinion.
btcjocan
Sr. Member
****
Offline Offline

Activity: 658
Merit: 250



View Profile
August 25, 2017, 08:54:09 PM
 #31

Oh that is a big blow but I don't have any account there and also I have activated 2fa in almost all of my important accounts already so hope I will be in safe side  Grin

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users password when storing in their server than I think hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2fa codes? that'll happen only when one enables multi-device feature, one can always disable that feature and stay safe from sms/call based authy recovery.

Yes. Go to Authy website and read the FAQs. Its basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose right? What if your email was hacked then they can recover the 2FA for authy then they can hack everything connected to it.
I think the best way is to create a paper backup of the qr code of your 2FAs so that you can securely store them and no one else have access to it but you and
whatever authenticator you use.

I think that the situation has a leakage of 2FA security authentication specially the private key must be preserve or confidential on you wallet. Having proper back-up is really the best option to do, because the accessing is secured and nothing will fear of that hacking will be possible. One thing that phisers online will capable of doing such unrighteous acts is due to location was turned on on your device. Prevent that device location from being turned on, so that you will not in danger of attacks on those hackers freely roaming online. Stay secure and keep all personal keys confidential; most importantly never entertain unknown mails.
SaShiRaJaVu
Hero Member
*****
Offline Offline

Activity: 1694
Merit: 541


View Profile
August 25, 2017, 10:17:13 PM
 #32

With the price of bitcoin moving higher,we are seeing more hacks and if you are sloppy then your accounts will be compromised,never use the same password in any site and the risk is too much and if everyone could follow this simple rule then we do not need to be worried by hearing these hack news.
greentrust-king
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
August 26, 2017, 01:17:25 AM
 #33

Best advice to give and a great update to all members concerned but my advice is to change password every month to be safe
Emitdama
Sr. Member
****
Offline Offline

Activity: 1917
Merit: 328


View Profile
August 27, 2017, 06:30:57 PM
 #34

Best advice to give and a great update to all members concerned but my advice is to change password every month to be safe
Not all gambling sites were hacked; I don’t think it’s possible for them to hack all gambling sites, because there are too many of them.Secondly, one thing I don’t miss when I’m making use of any wallet is to activate 2fa, and I don’t use sites without such security features.
U2
Hero Member
*****
Offline Offline

Activity: 676
Merit: 503


I used to be indecisive, but now I'm not sure...


View Profile
August 27, 2017, 06:37:35 PM
 #35

If you reuse passwords in the bitcoin world and you haven't lost money yet it must be because you accidentally sat on a horse shoe and it got stuck up there.

"Bitmain hacked - smart people unaffected"
AtraxPool
Member
**
Offline Offline

Activity: 84
Merit: 12

Block Hunting


View Profile
August 30, 2017, 04:41:56 PM
 #36

How can we be sure the firmware for the miners on there pages has not been tampered with?

Is there any official announcment regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

■ BLOCKHUNT ■ «  COMMUNITY BLOCKHUNTING - »  https://bitcointalk.org/index.php?topic=2207363.0
adaseb (OP)
Legendary
*
Offline Offline

Activity: 3878
Merit: 1733


View Profile
August 31, 2017, 08:54:35 AM
 #37

How can we be sure the firmware for the miners on there pages has not been tampered with?

Is there any official announcment regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the sites login info and passwords was leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there isn't many that would of been doing a firmware flash during that time.
AtraxPool
Member
**
Offline Offline

Activity: 84
Merit: 12

Block Hunting


View Profile
September 02, 2017, 08:46:26 PM
 #38

How can we be sure the firmware for the miners on there pages has not been tampered with?

Is there any official announcment regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the sites login info and passwords was leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there isn't many that would of been doing a firmware flash during that time.

I would have to dissagree.  If you were a hacker and you target a company like bitmain. Are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)  

Who knows what they could of done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for bitmain not to check that there have been no code changes to there firmware.  I highley doubt hackers would stop at only stealing some e-mail lists and passwords.

Its happend in the past where firms get hacked. there products get infected via firmware updates or software they sell.  Look at team viewer. they were hacked and ransomware was included in there software.

google..

company hacked firmware effected

You will see 100's of companys that were hacked and there software or firmwares were tampered with.

■ BLOCKHUNT ■ «  COMMUNITY BLOCKHUNTING - »  https://bitcointalk.org/index.php?topic=2207363.0
adaseb (OP)
Legendary
*
Offline Offline

Activity: 3878
Merit: 1733


View Profile
September 02, 2017, 09:15:41 PM
 #39

How can we be sure the firmware for the miners on there pages has not been tampered with?

Is there any official announcment regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the sites login info and passwords was leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there isn't many that would of been doing a firmware flash during that time.

I would have to dissagree.  If you were a hacker and you target a company like bitmain. Are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)  

Who knows what they could of done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for bitmain not to check that there have been no code changes to there firmware.  I highley doubt hackers would stop at only stealing some e-mail lists and passwords.

Its happend in the past where firms get hacked. there products get infected via firmware updates or software they sell.  Look at team viewer. they were hacked and ransomware was included in there software.

google..

company hacked firmware effected

You will see 100's of companys that were hacked and there software or firmwares were tampered with.

Yes I agree with you, Bitmain did a very poor job of telling us what exactly they hacked. I am still getting failed login attempts with many of the bitcoin services and gambling sites I am registered with. So this leads me to the conclusion that they were only targetting usernames and passwords and hoping that people reused the same password and no 2FA.

This isnt the first time it happened. Bitcointalk was hacked a few years back and it was the same scenario.

Hacking the firmware to change the pool info is possible but it would only affect the people who downloaded the firmware in the short while that it was hacked.

Either way they really should SHA256 all their firmware and post the hash somewhere on another website or even with their bitcointalk account, so we can be sure that the firmware won't destroy your ASIC.
AtraxPool
Member
**
Offline Offline

Activity: 84
Merit: 12

Block Hunting


View Profile
September 02, 2017, 09:32:59 PM
 #40

How can we be sure the firmware for the miners on there pages has not been tampered with?

Is there any official announcment regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the sites login info and passwords was leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there isn't many that would of been doing a firmware flash during that time.

I would have to dissagree.  If you were a hacker and you target a company like bitmain. Are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)  

Who knows what they could of done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for bitmain not to check that there have been no code changes to there firmware.  I highley doubt hackers would stop at only stealing some e-mail lists and passwords.

Its happend in the past where firms get hacked. there products get infected via firmware updates or software they sell.  Look at team viewer. they were hacked and ransomware was included in there software.

google..

company hacked firmware effected

You will see 100's of companys that were hacked and there software or firmwares were tampered with.

Yes I agree with you, Bitmain did a very poor job of telling us what exactly they hacked. I am still getting failed login attempts with many of the bitcoin services and gambling sites I am registered with. So this leads me to the conclusion that they were only targetting usernames and passwords and hoping that people reused the same password and no 2FA.

This isnt the first time it happened. Bitcointalk was hacked a few years back and it was the same scenario.

Hacking the firmware to change the pool info is possible but it would only affect the people who downloaded the firmware in the short while that it was hacked.

Either way they really should SHA256 all their firmware and post the hash somewhere on another website or even with their bitcointalk account, so we can be sure that the firmware won't destroy your ASIC.

I have had no response from them regarding the hack and if they are checking there firmware which I think if hackers have had access to the server should be a high on there agenda to check.  Last thing we want is waves of miners going offline or being "destroyed" by some code additions from the hackers.

I also agree they should be more forthcoming with info.

I hope others don't lose too much dew to the this and I hope bitmain start to take security a little more seriosuly.

■ BLOCKHUNT ■ «  COMMUNITY BLOCKHUNTING - »  https://bitcointalk.org/index.php?topic=2207363.0
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!