Bitcoin Forum
November 05, 2024, 08:15:28 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: ! Mt. Gox PASSWORDS List Released - Your Password Could Be Here - Check !  (Read 8735 times)
BitcoinPorn (OP)
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500


Posts: 69


View Profile WWW
June 26, 2011, 05:53:42 AM
 #1

From Reddit

Quote
If you haven't changed your password on other sites from the MtGox debacle, you should.

I found this through IRC a few minutes ago, chances are it's already been passed around a bit before a public paste.
Edit: It looks like that amounts to about 14.5% of all the passwords available in the accounts.csv file.

Check to see if you are on the list.  Keep different passwords for everything.   I did a search and did not see this posted.

Password related threads to help you:
http://forum.bitcoin.org/index.php?topic=20004.0
http://forum.bitcoin.org/index.php?topic=20587.0

airdata
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 501



View Profile
June 26, 2011, 06:02:57 AM
 #2

some of my favorites....

Quote
tupacshakur
fuckyoumike
tupac_shakur
niggernigger
n1gger!
assrape

looking at alot of the password makes me question the demographic of the bitcoin community.

▄▄▄▄███████▄▄▄▄        ▄▄▄▄███████▄▄▄▄        ▄▄▄▄███████▄▄▄▄
▄▄█████████████████▄▄  ▄▄█████████████████▄▄  ▄▄█████████████████▄▄
▄█████████████████████▄▄█████████████████████▄▄█████████████████████▄
██████████▀▀  █████████████████▀      ▀████████████████▀      ▀████████
▄█████████     ████████████████   ▄██▄   ██████████████   ▄██▄   ███████▄
████████████   ███████████████████████   ████████████████████▀   ████████
████████████   █████████████████████▀   ▄██████████████████     █████████
████████████   ███████████████████▀   ▄██████████████████████▄   ████████
▀███████████   █████████████████▀   ▄██████████████████   ▀██▀   ███████▀
███████████   ████████████████          ███████████████▄      ▄████████
▀█████████████████████▀▀█████████████████████▀▀█████████████████████▀
▀▀█████████████████▀▀  ▀▀█████████████████▀▀  ▀▀█████████████████▀▀
▀▀▀▀███████▀▀▀▀        ▀▀▀▀███████▀▀▀▀        ▀▀▀▀███████▀▀▀▀
......swap...Swap, Earn, Bridge, Mint Crypto
& NFT in Multiple Chains
.
...MVP LIVE...
.
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
June 26, 2011, 06:05:17 AM
 #3

Moral of the story: length means nothing if your password is still easy to type

My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.

haydent
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile
June 26, 2011, 06:11:58 AM
 #4

cheers op

2x Gigabyte 6950 OC @ 920/450 w/ ati tray tools (1 shader modded) - 760Mhs on ozco.in 0% fee aus pool
btc: 1HS5Brzcsh7XkJn566XYbvfpa2JuBRBdss
datafish
Donator
Full Member
*
Offline Offline

Activity: 129
Merit: 100


Swimming in a sea of data


View Profile
June 26, 2011, 06:20:13 AM
 #5

Moral of the story: length means nothing if your password is still easy to type

My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.

Same here.  Relatively short password but not susceptible to a dictionary attack and containing special characters. 
Slowpok3
Full Member
***
Offline Offline

Activity: 287
Merit: 100


View Profile
June 26, 2011, 06:22:30 AM
 #6

Moral of the story: length means nothing if your password is still easy to type

My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.

can passwords contain characters like....  ¿ ¼ ©

mine was 13 characters long, so it looks like they only got to 12 characters in length and were almost up to mine  Shocked
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
June 26, 2011, 06:24:59 AM
 #7

some of my favorites....

Quote
tupacshakur
fuckyoumike
tupac_shakur
niggernigger
n1gger!
assrape

looking at alot of the password makes me question the demographic of the bitcoin community.
LOL, so true... also saw "pooppoop123".

Moral of the story: length means nothing if your password is still easy to type

My password isn't on there, and it isn't long at all. But it's hard to type. That said, I expect it to be found in the next few days.

can passwords contain characters like....  ¿ ¼ ©

mine was 13 characters long, so it looks like they only got to 12 characters in length and were almost up to mine  Shocked
Mine was only 9 chars, and wasn't on that list.   Huh  Is this only the unsalted pw's?
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
June 26, 2011, 06:35:12 AM
 #8

Mine was only 9 chars, and wasn't on that list.   Huh  Is this only the unsalted pw's?
This is including salted passwords. Also, it wasn't a full bruteforce: they looked for common patterns.

Findeton
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
June 26, 2011, 06:49:33 AM
 #9

They got hacked again?

I'm happy now that I withdrew all my remaining bitcoins from Mt Gox.

Bitcoin Weekly, bitcoin analysis and commentary

14DD7MhRXuw3KDuyUuXvAsRcK4KXTT36XA
BtcNmcMiner
Full Member
***
Offline Offline

Activity: 236
Merit: 100



View Profile
June 26, 2011, 06:55:46 AM
 #10

Mine was 9 characters long a number and a dictionary word, no capitals or special characters   Sad It should have been salted, based on my join date. It is not on that list. Still a good thing I didn't have anything in Mt. Gox though. And the only reason I didn't was, IIRC, they wouldn't let me transfer in less than 1 Btc at a time.

M!R△CLE TELE     BRINGING MAGIC TO THE TELECOM INDUSTRY     JOIN US NOW!
▐▐   40% Biweekly Rewards     ▬▬▬   Calls at €0.2   ▬▬▬     Traffic from €0.01 worldwide   ▌▌
▬▬▬▬▬▬   ANN  Lightpaper  Bounty  Facebook  Twitter  Telegram   ▬▬▬▬▬▬
SpaceLord
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 26, 2011, 07:03:45 AM
 #11

Mike really is a fucker.

God, I hate that guy.  Angry
Valhalla1
Newbie
*
Offline Offline

Activity: 51
Merit: 0


View Profile
June 26, 2011, 07:04:58 AM
 #12

Quote
1q2w3e!Q@W#E
qwe123QWE!@#

interesting that these got cracked, was it salted?  looks like it would be more difficult to crack than a lot of the ones on that list
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
June 26, 2011, 07:05:58 AM
 #13

They got hacked again?
No. *some* of the passwords have been extracted from the *previously* released list of (lightly) encrypted passwords.
Everyone should have changed their mtgox passwords by now, and also on other services if they were silly enough to use the same password elsewhere.
This is just an interesting exercise in seeing what insecure passwords people tend to use.
The shorter, dictionary based passwords are easily cracked. The more complex ones will take time - if anyone can even be bothered.

I'm happy now that I withdrew all my remaining bitcoins from Mt Gox.

Fine - be happy. But take a little time to understand what you are being happy about.
then again..  maybe too much understanding is not a recipe for happiness...  
As you were!



@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
Tasty Champa
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 26, 2011, 07:10:21 AM
 #14

that looks to only go up to 9000, I wouldn't expect it to be complete for a couple months. You also have to assume most of them are throwaway accounts.
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
June 26, 2011, 07:11:55 AM
 #15

Quote
1q2w3e!Q@W#E
qwe123QWE!@#

interesting that these got cracked, was it salted?  looks like it would be more difficult to crack than a lot of the ones on that list

It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted.

Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
tiberiandusk
Hero Member
*****
Offline Offline

Activity: 575
Merit: 500


The North Remembers


View Profile WWW
June 26, 2011, 07:12:42 AM
 #16

Mine is not there.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
d.james
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250

Firstbits: 12pqwk


View Profile
June 26, 2011, 07:31:00 AM
 #17

Mine is not there.

yet

You can not roll a BitCoin, but you can rollback some. Cheesy
Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
June 26, 2011, 07:46:48 AM
 #18

Quote
1q2w3e!Q@W#E
qwe123QWE!@#

interesting that these got cracked, was it salted?  looks like it would be more difficult to crack than a lot of the ones on that list

It is interesting.. but note that on a standard qwerty keyboard - it's a pattern of 6 keys at the top left.. first unshifted then shifted.

Perhaps some wannabe security guru recommended it to a bunch of suckers as an easy way to remember your complicated password?!

since the days of john the ripper, the config file for it allows you to put patterns that are commonly used. i assume other
password cracking tools are also configurable for such patterns. checking simple patterns on the keyboard are often the
first to fall since they are checked for that and dictionary way before the brute force takes place using a-z A-Z 1-0 shift1-0  etc....
Paperweight
Jr. Member
*
Offline Offline

Activity: 41
Merit: 41



View Profile
June 26, 2011, 08:30:02 AM
 #19

My favorite username and passwords were
Quote
UserID   Username   Email   Password            
12558   hehehe\'   0   0   0)waitfor delay\'0:      $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0   
14250   &   39 union select 1   2   3   4   5   6
julz
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
June 26, 2011, 08:49:45 AM
 #20

My favorite username and passwords were
Quote
UserID   Username   Email   Password            
12558   hehehe\'   0   0   0)waitfor delay\'0:      $1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0   
14250   &   39 union select 1   2   3   4   5   6

ouch. That's potentially damning for the 'no sql injection attack occurred' line.
There are also some script tags in there that I didn't notice before.


@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!