Bitmain Hacked - Change all your gambling site passwords

[moooonu]

These days none in digital world is safe. Anyone can hack anything with the right knowledge. Cloudbleed was one main event and now its bitmain. How sadful when people misuse of their skills and knowledge.

[1715488181]

1715488181

[1715488181]

1715488181

[Qartersa]

Apparently Bitmain got hacked a day or so ago and I am getting email alerts from different services and gambling sites that there was attempted unauthorized accesses.

Just like the Bitcointalk hack a few years back, these hackers are trying to gain access to any and all Bitcoin related services like exchanges, wallets and most likely also gambling sites.

So if you used the same password and had no 2FA enabled you are at risk...

Pretty unsecured world we are living in. A lot of databases always get hacked and it's basically unsafe to use your favorite password. It is getting complicated. And when you have a complicated password there is also a risk that user may lose their password because of that. There is a trade off with convenience and security here. There is risk of loss even without anyone attacking because of the password is super hard to remember.

[suyogm]

I never got email from bitmain about this. Yesterday I got an email saying there is an unusual activity on my account. I checked the website and saw that my 2FA is not working and was not able to login. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transaction on my account. What is the point of having 2FA if someone can login just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

[AtraxPool]

I never got email from bitmain about this. Yesterday I got an email saying there is an unusual activity on my account. I checked the website and saw that my 2FA is not working and was not able to login. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transaction on my account. What is the point of having 2FA if someone can login just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can they should reimbese any losses if you had 2FA active and its been turned off by someone and they were hacked they have a responsibility to deal with it and cover any losses that are accumulted by the customer.  They should be able to look at the IP that logged in and see that it not the same as your one also they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2fa was also effected.. 

I also agree why would such a company store un-encryped passwords in there database?  They should be hashing them and and salt.  Totaly unacceptable behaviour from a company of this scale.

[Oilacris]

I never got email from bitmain about this. Yesterday I got an email saying there is an unusual activity on my account. I checked the website and saw that my 2FA is not working and was not able to login. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transaction on my account. What is the point of having 2FA if someone can login just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can they should reimbese any losses if you had 2FA active and its been turned off by someone and they were hacked they have a responsibility to deal with it and cover any losses that are accumulted by the customer.  They should be able to look at the IP that logged in and see that it not the same as your one also they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2fa was also effected.. 

I also agree why would such a company store un-encryped passwords in there database?  They should be hashing them and and salt.  Totaly unacceptable behaviour from a company of this scale.

Its odd that 2fa has been affected and the hacker did able to bypassed on that one and sold off the contracts.I cant think off that someone do have the skills on doing this knowing that 2fa is one of the hardest layers when it comes on 2nd attempts on logging in.Hackers would normally not use their own ip address on logging in.They are not dumb as we think.

[AtraxPool]

I never got email from bitmain about this. Yesterday I got an email saying there is an unusual activity on my account. I checked the website and saw that my 2FA is not working and was not able to login. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transaction on my account. What is the point of having 2FA if someone can login just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can they should reimbese any losses if you had 2FA active and its been turned off by someone and they were hacked they have a responsibility to deal with it and cover any losses that are accumulted by the customer.  They should be able to look at the IP that logged in and see that it not the same as your one also they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2fa was also effected..  

I also agree why would such a company store un-encryped passwords in there database?  They should be hashing them and and salt.  Totaly unacceptable behaviour from a company of this scale.

Its odd that 2fa has been affected and the hacker did able to bypassed on that one and sold off the contracts.I cant think off that someone do have the skills on doing this knowing that 2fa is one of the hardest layers when it comes on 2nd attempts on logging in.Hackers would normally not use their own ip address on logging in.They are not dumb as we think.

I was only noting that is the OP had logged in from his own IP many times they possibly have a record of the last logged in could also show it was infact compromised..

We alll know hackers use VPN - Socks5 - Tor - SSH to do there nasty work.  

I also agree 2fa is rather a strange one if it was active then suddenly not active but bitmain should have a log of when and how it was switched off.

[Oilacris]

I never got email from bitmain about this. Yesterday I got an email saying there is an unusual activity on my account. I checked the website and saw that my 2FA is not working and was not able to login. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transaction on my account. What is the point of having 2FA if someone can login just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can they should reimbese any losses if you had 2FA active and its been turned off by someone and they were hacked they have a responsibility to deal with it and cover any losses that are accumulted by the customer.  They should be able to look at the IP that logged in and see that it not the same as your one also they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2fa was also effected..  

I also agree why would such a company store un-encryped passwords in there database?  They should be hashing them and and salt.  Totaly unacceptable behaviour from a company of this scale.

Its odd that 2fa has been affected and the hacker did able to bypassed on that one and sold off the contracts.I cant think off that someone do have the skills on doing this knowing that 2fa is one of the hardest layers when it comes on 2nd attempts on logging in.Hackers would normally not use their own ip address on logging in.They are not dumb as we think.

I was only noting that is the OP had logged in from his own IP many times they possibly have a record of the last logged in could also show it was infact compromised..

We alll know hackers use VPN - Socks5 - Tor - SSH to do there nasty work.  

I also agree 2fa is rather a strange one if it was active then suddenly not active but bitmain should have a log of when and how it was switched off.

All of this thing would really depend on bitmain since they do have all the logs regarding on the access of such account same as you said. This thing boggling my mind how 2fa has been off.
It is quiet alarming specially on having big amounts stored or purchased contracts but nothing to be worried as long your password is unique and not a common one but also 2fa is always been suggested on any accounts we do have.

[AtraxPool]

Its becoming more prevalent these days for 2fa to be hacked possibly by Social engineering or by way of malware or dodgy apps from playstore.


https://www.wired.com/2017/05/security-news-week-hackers-beat-two-factor-authentication-rob-bank-accounts/

https://www.theregister.co.uk/2017/06/26/parliament_email_hack/