Caution: My Hero account has been potentially compromised

[FuckThemHackers]

My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.

https://bitcointalk.org/index.php?action=profile;u=381190

It seems no new posts have been made and I don't remember when I exactly logged off yesterday so im not sure if someone has accessed it.

I have seen that this forum has the option to ask you "your secret question" to try to recover the password but I don't remember ever being asked to enter a secret question and answer during registration, in fact when I just registered this account, there was no such thing in the registration process.. also weird.

Anyway I have all info you need to recover my pass, including my 2 lasts passwords, email, and any address used to recieve payments in signature campaigns for example (I could sign one to prove I own these BTC addressess) but be quick in case the hacker changes the BTC addresses to his addresses to recieve the money himself, but I hope you can see any further post edits from now on and know that isn't me (in any case let it be on record that for example my last used BTC address for this campaign: https://docs.google.com/spreadsheets/d/18HG1y8z7Ua-7iWfZiKGonvDlBpLAquXknEbG1fggHXg/edit#gid=0 is 1fuCrK2gq9jiQsy375hexRnNMun8gJvJp)

[Lutpin]

My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.

You can't recover forum passwords using the secret question right now. Attempting to do so results in your account being locked for security reasons.

Seclog shows two actions for your account in recent times:
Today at 09:45:49 AM - manselr - password changed
Today at 09:26:08 AM - manselr - password reset via email


If you're sure you don't have access to your account anymore and want to recover your account, follow the steps here:
-> https://bitcointalk.org/index.php?topic=497545.0

[FuckThemHackers]

My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.

You can't recover forum passwords using the secret question right now. Attempting to do so results in your account being locked for security reasons.

Seclog shows two actions for your account in recent times:
Today at 09:45:49 AM - manselr - password changed
Today at 09:26:08 AM - manselr - password reset via email


If you're sure you don't have access to your account anymore and want to recover your account, follow the steps here:
-> https://bitcointalk.org/index.php?topic=497545.0

Someone has definitely done that and it isn't me... do you have their IP's? I will read that thread now.

[FuckThemHackers]

I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:

http://image.ibb.co/jN5UBG/manselpost.png

Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.

[KWH]

I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:



Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.

How about this addy: http://archive.fo/tBwvf

[FuckThemHackers]

I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:

http://image.ibb.co/jN5UBG/manselpost.png

Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.

How about this addy: http://archive.fo/tBwvf

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Hi, im manselr from bitcointalk. The date is October 10, 2017, 01:51:33 AM, the address is 14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg. Please help.
-----BEGIN SIGNATURE-----
14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg
IDBZuHGo0qvmTRM/is6MjiToDzM7xngU2OcXsJd/8kmfHeX0ONsnSBEHxVE2OB5Ktk1vvVuabdC4eO1LqBueBeA=
-----END BITCOIN SIGNED MESSAGE-----

There you have it. I don't want to make public the email, Cyrus has it on the PM but I still didn't get any replies back.

[KWH]

All you can do is wait. Account recovery is low priority.

[FuckThemHackers]

I wonder who is faster recovering accounts, theymos or Cyrus. I sent it to Cyrus because he was online but I saw theymos post right now :p

[KWH]

I wonder who is faster recovering accounts, theymos or Cyrus. I sent it to Cyrus because he was online but I saw theymos post right now :p

If you have already sent to theymos and he fails to see the required proof, he will ignore you after that. May have a better shot with Cyrus but don't spam him to death.

https://bitcointalk.org/index.php?topic=497545.0


    
Recovering hacked accounts or accounts with lost passwords
March 02, 2014, 08:45:09 PM
   
 #1
If you use any sort of Google email service, then the password recovery email will go to your spam folder.

If you want us to recover a hacked/lost account, you need to prove that you own it. Typically, the only acceptable method of proving ownership is by signing a message (including current date and desired new email address) using a Bitcoin address or PGP key associated with the account. A Bitcoin address or PGP key is associated with the account only if the account posted the key/address, sent it in a PM, or if it is still listed in the account's profile.

I very rarely recover accounts if you can't prove ownership as described above. There are alternative ways of proving ownership, but they take too much time. If I point you to this thread, you can't prove ownership properly, and then I ignore your future PMs, this means that I'm not going to recover your account. Create a new one.

Send one PM to either me or Cyrus. When sending a PM, use a template like this:

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <account> has been hacked/lost. Please reset the email to <email>. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: ...
OR
I sent that address to someone in a PM with PM ID#...

All required info must be in one PM.

Do not create your temporary account using the same email address you want for the hacked/lost account. No two accounts can have the same email address.

[FuckThemHackers]

Ok I will wait.

Btw I just learned that signing such a generic message may be a mistake because someone else could use it to impersonate me...:

Another suggestion, I might be wrong though.

If you just put Bitcoin address or PGP key, it is easy to impose another person. A signed message is better.

False.

In reality is it the other way around.

The Bitcoin address or public PGP key cannot be use to impose another person.
Most user have this information public available in their signature, contact information, keybase.io etc.
But you need it to published somewhere in bitcoin talk in order to be able to retrieve your account if it gets stolen.

Publishing a generic signed message is not cleaver, it can be used by an imposter.
If you sign something, the message must include the purpose of the signed message and include the time/date.

This is an example of a not so cleaver signed message:
Message: "This is TookDk from Bitcointalk"
Signature: <the signature>

This is much better:
Message: "Date: 2015.03.19. The purpose of this message is to prove that TookDk from Bitcointalk is in control of bitcoin address 1TookDkVTaqsCn56Xo7aMfUMAUN3NhRjN at this point in time"
Signature: <the signature>

Makes sense. So should I sign the same address again with a better message? (and edit the post above)

[KWH]

Ok I will wait.

Btw I just learned that signing such a generic message may be a mistake because someone else could use it to impersonate me...:

Another suggestion, I might be wrong though.

If you just put Bitcoin address or PGP key, it is easy to impose another person. A signed message is better.

False.

In reality is it the other way around.

The Bitcoin address or public PGP key cannot be use to impose another person.
Most user have this information public available in their signature, contact information, keybase.io etc.
But you need it to published somewhere in bitcoin talk in order to be able to retrieve your account if it gets stolen.

Publishing a generic signed message is not cleaver, it can be used by an imposter.
If you sign something, the message must include the purpose of the signed message and include the time/date.

This is an example of a not so cleaver signed message:
Message: "This is TookDk from Bitcointalk"
Signature: <the signature>

This is much better:
Message: "Date: 2015.03.19. The purpose of this message is to prove that TookDk from Bitcointalk is in control of bitcoin address 1TookDkVTaqsCn56Xo7aMfUMAUN3NhRjN at this point in time"
Signature: <the signature>

Makes sense. So should I sign the same address again with a better message?

Always add the current date and even time if you wish, but I would follow the above link to the letter. You could sign another here and send Cyrus the link.

[Wicked17]

You have to be patient waiting for their reply regarding your problem case because you are not the only one who sent pm and send inquiries to them. For sure as soon as they find out that you are the real owner you will have your account back. My friend also have same issue and it was resolve after 1 week of sending pm to the mods. Just follow this steps https://bitcointalk.org/index.php?topic=497545.0

[FuckThemHackers]

Ok I will wait.

Btw I just learned that signing such a generic message may be a mistake because someone else could use it to impersonate me...:

Another suggestion, I might be wrong though.

If you just put Bitcoin address or PGP key, it is easy to impose another person. A signed message is better.

False.

In reality is it the other way around.

The Bitcoin address or public PGP key cannot be use to impose another person.
Most user have this information public available in their signature, contact information, keybase.io etc.
But you need it to published somewhere in bitcoin talk in order to be able to retrieve your account if it gets stolen.

Publishing a generic signed message is not cleaver, it can be used by an imposter.
If you sign something, the message must include the purpose of the signed message and include the time/date.

This is an example of a not so cleaver signed message:
Message: "This is TookDk from Bitcointalk"
Signature: <the signature>

This is much better:
Message: "Date: 2015.03.19. The purpose of this message is to prove that TookDk from Bitcointalk is in control of bitcoin address 1TookDkVTaqsCn56Xo7aMfUMAUN3NhRjN at this point in time"
Signature: <the signature>

Makes sense. So should I sign the same address again with a better message?

Always add the current date and even time if you wish, but I would follow the above link to the letter. You could sign another here and send Cyrus the link.

Ok edited the post above with a better message:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Hi, im manselr from bitcointalk. The date is October 10, 2017, 01:51:33 AM, the address is 14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg. Please help.
-----BEGIN SIGNATURE-----
14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg
IDBZuHGo0qvmTRM/is6MjiToDzM7xngU2OcXsJd/8kmfHeX0ONsnSBEHxVE2OB5Ktk1vvVuabdC4eO1LqBueBeA=
-----END BITCOIN SIGNED MESSAGE-----

This should do.

The PM that I sent to Cyrus with the email included also the date so I will just wait, hopefully he sees this thread too for further proof.

[FuckThemHackers]

I just want to know: Am I supposed to get a PM reply back or I will get an email at a random time?

[FuckThemHackers]

Is any progress being made? im pretty nervous man. Is my account at least locked for now?

[Lutpin]

Is any progress being made? im pretty nervous man. Is my account at least locked for now?

Your account has negative feedback and everyone checking it can find this thread.

All you can do is wait. Account recovery is low priority.

[jkumarw]

Is any progress being made? im pretty nervous man. Is my account at least locked for now?

Account recovery is among the lowest of priorities for the admins. My account was also hacked and I had sent PMs to Cyrus few days ago. All we can do is wait, maybe send a weekly PM to admins to have a look again. Your account manselr now has negative trust. So probably members will be careful when dealing with that account for now. In the mean time, keep following your account activity. If the hacker posts anywhere, immediately post in that thread that its your account and that it has been hacked and add the link to this thread. This way, you'll be safe.

[FuckThemHackers]

Is any progress being made? im pretty nervous man. Is my account at least locked for now?

Your account has negative feedback and everyone checking it can find this thread.

All you can do is wait. Account recovery is low priority.

Yes, but giving negative feedback doesn't stop the guy from accessing the account and sending PM's, editing posts etc. It seems nuts to me that admins don't have a way to entirely block access to the account until it's solved.

What's the average to wait for the recovery? i've seen some guys waiting for more than a month, that's just not fair.

Btw I guess the negative trust can be removed later right?

Is any progress being made? im pretty nervous man. Is my account at least locked for now?

Account recovery is among the lowest of priorities for the admins. My account was also hacked and I had sent PMs to Cyrus few days ago. All we can do is wait, maybe send a weekly PM to admins to have a look again. Your account manselr now has negative trust. So probably members will be careful when dealing with that account for now. In the mean time, keep following your account activity. If the hacker posts anywhere, immediately post in that thread that its your account and that it has been hacked and add the link to this thread. This way, you'll be safe.

But it says send PM ONCE, so I don't want to send another PM to try to remind them in case the admins are grumpy about it.

I understand it's low priority but people that have been here for years like us Hero+ members should have an higher priority.

[pixie85]

Yes, but giving negative feedback doesn't stop the guy from accessing the account and sending PM's, editing posts etc. It seems nuts to me that admins don't have a way to entirely block access to the account until it's solved

At least it blocks them from earning money with your account. The last thing you'd want is for the account to get sold or for the hacker to profit from a sig campaign.

What's the average to wait for the recovery? i've seen some guys waiting for more than a month, that's just not fair.

I've seen people waiting for over 2 weeks with no response. I don't know what's going on. Is it that hard to hire someone to deal with it. I'm sure some trusted posters would be willing to help out for a few $.

Btw I guess the negative trust can be removed later right?

Yes, you just need to contact the person that gave it to you.

[jkumarw]

I was told to send weekly reminders to the admin to recover the account but not spam them with the requests.  I suspect that the admins get loads of PMs and they might miss out on a few messages. What is worrying at least for me is that, I'm unable to use my account when I needed it the most. One thing that is at least a bit satisfactory is the DT members verifying the BTC address signature and quoting the text along with their approval. This makes it a lot easier for the admins to restore the accounts.