Bitcoin Forum
Topic: Mass hacking of forum accounts  (Read 1042 times)
Blazr (OP)
May 21, 2013, 02:00:32 PM
 #1

I've noticed recently that there has been a massive increase in the amount of BitcoinTalk accounts being hacked.

See here for some examples:
https://bitcointalk.org/index.php?topic=211977.0;topicseen
https://bitcointalk.org/index.php?topic=211801.msg2221021#msg2221021

I would recommend that anyone who has re-used their account passwords on any other website (including BTC related websites) immediately change these passwords (use something like LastPass to manage your passwords); the same goes for your email addresses.

Make sure you use a strong password (letters, numb3rs, $ymbols and upPeR CaSe LeTteRs).

Be careful when trading with people: the account may be hacked. Look out for suspicious behaviour, use escrow when possible and do not trade with anyone who may be a risk.

It may be a good idea to add optional Google Authenticator 2FA. This would definitely help reduce the amount of hacked accounts.

pekv2
May 21, 2013, 02:30:44 PM
 #2

stay safe link in my sig.
 
&

https://bitcointalk.org/index.php?topic=159424.msg1685280#msg1685280
DobZombie
May 21, 2013, 07:13:09 PM
 #3

Speaking of signatures, I saw this earlier...

Quote
Bicknellski
https://bitcointalk.org/index.php?action=profile;u=76550
Hero Member
Posts: 631
Canadian Montessori School

   
 
AVALON DELIVERS: Reference Documentation, Bill of Materials, Chip Communication and etc.
LINK FOR THIS ^^^ https://bitcointalk.org/index.php?topic=200668.new#new

The Race is ON: Klondike DIY AVALON by BKKcoins
LINK FOR THIS ^^^ https://109.201.133.65.DONTFUKGOHERE/index.php?topic=190731.msg2095159#msg2095159

I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
2112
May 22, 2013, 01:43:54 AM
 #4

Quote
I added "DONTFUKGOHERE" in the link so it is useless.

Gives an SSL warning, and I just happen to be logged out.

C'mon, this is completely safe. 109.201.133.65 is just the current IPv4 address for bitcointalk.org. The browser stores the authentication cookie indexed by the string value of the "website" portion of the URL. The warning was probably that "109.201.133.65" != "bitcointalk.org". You can safely log in to https://109.201.133.65/ with the same credentials as for https://bitcointalk.org/ after verifying that the certificate is indeed for "bitcointalk.org". Some browsers are/were so paranoid that they would force another session when the URL was https://bitcointalk.org:443/ , where 443 is the default HTTPS port.

I think that as far as browsers go only Internet Explorer (maybe some older versions, like IE6) had a cookie and/or authentication credentials storage indexed by the server certificates, not by the URL strings. Several HTTP/HTTPS libraries have this functionality built-in.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
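
The two symptoms discussed in the posts above (an SSL warning and appearing logged out when the forum is opened by IP address) follow from host-string matching, shown here as an added example that is not part of the original thread. The function names and result labels are illustrative, cookie scope is modelled with the RFC 6265 domain-match rule, and the third sample link is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Links taken from the thread; the second is the defanged one quoted in post #3.
SAMPLE_LINKS = [
    "https://bitcointalk.org/index.php?topic=200668.new#new",
    "https://109.201.133.65.DONTFUKGOHERE/index.php?topic=190731.msg2095159#msg2095159",
    "https://109.201.133.65/index.php?topic=190731",  # constructed: same link without the defang
]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3: would a cookie scoped to cookie_domain go to request_host?"""
    request_host = request_host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    if request_host == cookie_domain:
        return True
    # Suffix matching is for host names only; an IP address must match exactly.
    return not is_ip_literal(request_host) and request_host.endswith("." + cookie_domain)

def triage_link(url, expected_domain):
    """Return reasons why a link presented as expected_domain deserves a second look."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lower-cased, port and brackets removed
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if is_ip_literal(host):
        # A certificate issued only for a DNS name does not cover the bare
        # address, which is why the browser warns.
        reasons.append("ip-literal-host")
    if not domain_match(host, expected_domain):
        # The existing session cookie is not sent, so the user appears logged out.
        reasons.append("outside-cookie-scope")
    return reasons

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", triage_link(link, "bitcointalk.org") or "ok")
```

An empty result means the link's host is the expected name over HTTPS; it says nothing about whether the certificate actually presented is valid.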
DobZombie
May 22, 2013, 02:28:12 PM
 #5

I'd rather be paranoid than trusting  Grin

dexX7
May 22, 2013, 06:46:50 PM
 #6

There is a phishing BTC-E website going around (btceXXXXX.site40.net) and being spread by email. Maybe that's linked?
