Bitcoin Forum
Author Topic: Mt Gox just emailed me saying there are 8 claim requests on my account.  (Read 1641 times)
calista
June 24, 2011, 02:54:14 AM
 #1

I have submitted only one of course, but maybe because I didn't use a strong password for my account (10 characters and numbers, no upper case), it was probably hacked by people from the open database.

And now so many people are trying to claim my $1300 in my account, what should I do to prove myself among 8 people?!

alishawkat
June 24, 2011, 03:01:57 AM
 #2

Holy crap, try sending them id, I'd contact them asap.
mikeintimesaves9
June 24, 2011, 03:08:21 AM
 #3

That's a tough one.  I'd say leave a ticket on the support address https://support.mtgox.com/anonymous_requests/new and hope for the best.

For tips: 1FQyGK4xS1JZUL4mFnKkiU9cHvVL5TfC4v
coinage
June 24, 2011, 03:09:59 AM
 #4

I have submitted only one of course, but maybe because I didn't use a strong password for my account (10 characters and numbers, no upper case), it was probably hacked by people from the open database.

And now so many people are trying to claim my $1300 in my account, what should I do to prove myself among 8 people?!

If you read the various updates at the MtGox support site, plus some emails that people posted on the forums here, as I recall you'll see them mention they may ask you about previous transactions or your balance.  Therefore it's not wise to tell everybody here you have $XYZ in your account, if anyone here might be able to guess your MtGox userid from your forum userid!

Perhaps you should edit your post to remove specifics about the length and type of password you used, too, because those things might not be visible to someone looking at just the hashed & salted user & password list, even though it was leaked webwide.

(Once something's hashed, its length & other qualities can be completely obscured.  However, MtGox implied they could determine the strength of the old passwords, which is a little perplexing unless they stored additional information beyond hashes or actually bothered to try cracking each one themselves.  I haven't seen the leaked document so can't comment further on what's in it.)

In any event, you could try preemptively contacting MtGox directly saying whatever you can remember about your account, when you opened it, what transactions you did, what your balance was, what IP address or ISP you use...  That's your best and maybe only way to show you're the rightful owner.
kjj
June 24, 2011, 03:53:22 AM
 #5

You have to type your old password to reclaim your account.  The password you enter has to match the one that formed the hash.  Most likely, they inspect the password for complexity when you send it to the reclaim form.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
R3V0LU710N
June 24, 2011, 03:53:59 AM
 #6

I would say you are not the only one to receive an email like that one. I also bet a lot of people didn't keep good enough records to prove ownership of the accounts.
kjj
June 24, 2011, 04:03:13 AM
 #7

By the way, did you check the file for your account info?  Did your password hash start with $1$?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
bananaphone
June 24, 2011, 04:11:04 AM
 #8

By the way, did you check the file for your account info?  Did your password hash start with $1$?

$1$ doesn't help. FreeBSD MD5 doesn't protect weak passwords.
With a simple dictionary attack, I cracked more than 500 passwords in one blow.
Total amount of cracked passwords I got so far are now over 2000.
kjj
June 24, 2011, 04:43:54 AM
 #9

By the way, did you check the file for your account info?  Did your password hash start with $1$?

$1$ doesn't help. FreeBSD MD5 doesn't protect weak passwords.
With a simple dictionary attack, I cracked more than 500 passwords in one blow.
Total amount of cracked passwords I got so far are now over 2000.

What is the longest so far?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Lord F(r)og
June 24, 2011, 05:04:12 AM
 #10

@calista

Can u please copy and paste the email? Of course after deleting important information! I wanna see a proof.

Maybe u can give thanks to bananaphone, it's possible that he's one of the other 7 competitors for your account.
rob80
June 24, 2011, 05:05:35 AM
 #11

By the way, did you check the file for your account info?  Did your password hash start with $1$?

$1$ doesn't help. FreeBSD MD5 doesn't protect weak passwords.
With a simple dictionary attack, I cracked more than 500 passwords in one blow.
Total amount of cracked passwords I got so far are now over 2000.

What is the longest so far?

When the csv was released I was interested in what kind of passwords people used for 'financial' institutions.  This is what I got:

$ for i in `cat .john/john.pot | cut -d : -f 2` ; do echo ${#i} ; done | sort | uniq -c
     98 10
     36 11
     46 12
      4 13
      4 14
      5 15
      1 4
    111 5
    864 6
    454 7
    640 8
    182 9


5 15 char passwords.
kjj
June 24, 2011, 05:10:07 AM
 #12

By the way, did you check the file for your account info?  Did your password hash start with $1$?

$1$ doesn't help. FreeBSD MD5 doesn't protect weak passwords.
With a simple dictionary attack, I cracked more than 500 passwords in one blow.
Total amount of cracked passwords I got so far are now over 2000.

What is the longest so far?

When the csv was released I was interested in what kind of passwords people used for 'financial' institutions.  This is what I got:

$ for i in `cat .john/john.pot | cut -d : -f 2` ; do echo ${#i} ; done | sort | uniq -c
     98 10
     36 11
     46 12
      4 13
      4 14
      5 15
      1 4
    111 5
    864 6
    454 7
    640 8
    182 9


5 15 char passwords.

Nice.  How about the longest including at least one digit?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Agorista
June 24, 2011, 05:12:27 AM
 #13

You can copy a credit card or government ID to send them, but then you run the risk that the people currently in charge of mtgox are not the original owners or that their communication system is not secure.

5 15 char? I wonder how many of those were English words.

Mike
Member since June 2011 - watching BTC since $0.25
rob80
June 24, 2011, 05:14:01 AM
 #14

By the way, did you check the file for your account info?  Did your password hash start with $1$?

$1$ doesn't help. FreeBSD MD5 doesn't protect weak passwords.
With a simple dictionary attack, I cracked more than 500 passwords in one blow.
Total amount of cracked passwords I got so far are now over 2000.

What is the longest so far?

When the csv was released I was interested in what kind of passwords people used for 'financial' institutions.  This is what I got:

$ for i in `cat .john/john.pot | cut -d : -f 2` ; do echo ${#i} ; done | sort | uniq -c
     98 10
     36 11
     46 12
      4 13
      4 14
      5 15
      1 4
    111 5
    864 6
    454 7
    640 8
    182 9


5 15 char passwords.

Nice.  How about the longest including at least one digit?

There were 3 at 15, all of them were variants of their email address and/or username (or combination)
rob80
June 24, 2011, 05:21:31 AM
 #15

And conversely, all 4 of the 14 char passwords were also variants of username/email address/domain.  Same with both 13 char passwords.

I'd wager most of the 2500 or so passwords cracked were variants of the email/username/domain.  I think there is a pretty important lesson there.
contingencyplan
June 24, 2011, 10:27:22 AM
 #16

And conversely, all 4 of the 14 char passwords were also variants of username/email address/domain.  Same with both 13 char passwords.

I'd wager most of the 2500 or so passwords cracked were variants of the email/username/domain.  I think there is a pretty important lesson there.

Namely, don't trust sites that "encrypt" your password with MD5 or anything similar? Don't trust sites that do not understand the fundamentals of encryption?

Read this. Bear in mind that the $2000 CUDA systems he's referring to are the same sorts of systems that are described in the BTC mining threads.

Then consider how much having a "strong" password, by any definition of "strong" you'd like, would save you under those circumstances.
deepceleron
June 24, 2011, 11:49:06 AM
 #17

What is pretty spooky is how quick the hacking sites were to crack post passwords 8 digits and more. It just takes something like this for me to review every non-inconsequential site I use for password length and uniqueness.

apidya
Newbie
*
Offline Offline

Activity: 5


View Profile
June 24, 2011, 12:45:08 PM
 #18

What email address did you use to register? If it's an email address that was offered to you through a trusted internet service provider, ask them if it would be sufficient to provide contract details, maybe a copy of an identity card. There are still many ways to authenticate yourself.

Feeling generous? 1LCZVfNnHJ8pFC3VuMqC5ei5WoejSu6oeQ
Clipse
June 24, 2011, 12:49:40 PM
 #19

Just claim again and add additional information like previous deposit methods/withdrawal methods and transaction details from your banking/ewallet.

That will suffice since it's next to impossible that a potential hacker could have those details as well.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
rob80
June 24, 2011, 04:29:32 PM
 #20

And conversely, all 4 of the 14 char passwords were also variants of username/email address/domain.  Same with both 13 char passwords.

I'd wager most of the 2500 or so passwords cracked were variants of the email/username/domain.  I think there is a pretty important lesson there.

Namely, don't trust sites that "encrypt" your password with MD5 or anything similar? Don't trust sites that do not understand the fundamentals of encryption?

Read this. Bear in mind that the $2000 CUDA systems he's referring to are the same sorts of systems that are described in the BTC mining threads.

Then consider how much having a "strong" password, by any definition of "strong" you'd like, would save you under those circumstances.

Even if they used 4096 bit encryption, if your email address is awesomedude@vanitydomain.com, and your password is 4w3s0m3dud3v4n1tyd0m41n, it will take any semi-intelligent cracking system (like john) a few minutes to guess.  A 23 char password will be impossible to brute force, but if it is a variant on your name, there is a good chance to crack it in minutes rather than the expected lifetime of the sun.
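
Added example, not part of the thread: a registration-time check a site could run to reject passwords that are variants of the account's own username or e-mail address, the pattern rob80 describes in the cracked 13 to 15 character passwords. The function names, the substitution table and the 0.6 threshold are assumptions chosen for illustration.

```python
import re

# Canonical classes for common "leet" substitutions (constructed table, not exhaustive).
# "l" is folded into "i" as well so that "1" matches either letter.
LEET = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(text):
    """Lower-case, undo leet substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def identity_tokens(username, email, min_len=4):
    """Pieces of the account identity that cracking rules typically mangle."""
    local, _, domain = email.partition("@")
    parts = [username, local] + domain.split(".")[:-1]   # drop the TLD
    parts += re.split(r"[._\-+]", local)                 # first.last, name+tag
    return {t for t in (normalise(p) for p in parts) if len(t) >= min_len}

def derived_fraction(password, username, email):
    """Fraction of the normalised password covered by identity tokens,
    written forwards or reversed."""
    pw = normalise(password)
    if not pw:
        return 0.0
    covered = [False] * len(pw)
    for tok in identity_tokens(username, email):
        for needle in (tok, tok[::-1]):
            start = pw.find(needle)
            while start != -1:
                for i in range(start, start + len(needle)):
                    covered[i] = True
                start = pw.find(needle, start + 1)
    return sum(covered) / len(pw)

def is_identity_derived(password, username, email, threshold=0.6):
    """True when most of the password is the user's own name, mailbox or domain."""
    return derived_fraction(password, username, email) >= threshold

if __name__ == "__main__":
    # Constructed sample using the address and password quoted in the post above.
    user, mail = "awesomedude", "awesomedude@vanitydomain.com"
    for candidate in ("4w3s0m3dud3v4n1tyd0m41n", "awesomedude2011",
                      "correct horse battery staple"):
        print(candidate, is_identity_derived(candidate, user, mail))
```

Length alone does not move the result: the 23-character password from the post scores as fully derived, while an unrelated passphrase scores zero.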