Bitcoin Forum
Author Topic: Account Hacking An Inside Job?  (Read 1892 times)
DarkArmy
Member
October 15, 2017, 10:36:55 AM
 #21

If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck is the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Dorkie (OP)
Member
October 15, 2017, 10:55:23 AM
 #22

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Wrong. My password used here isn't the same as the passwords used elsewhere, I know because newer passwords that I use are far stronger.
So no crossmatch.

By the way, I wonder if you (and everyone else) have actually noticed a pattern.

It appears to me that NOBODY actually directly addresses email confirmation as a viable solution.
If you look at all the past arguments I had with a few of them, you will realize ALL of them actually totally ignore this solution, every time I brought it up.

What are these people trying to hide?

If I were the owner of a forum, and my forum kept getting compromised, and some members suggested email confirmation as a security measure, and I saw other websites using the same feature as part of their security, I would 100% use the same measure to solve my problem.
If I were to delay using such a measure for years and years, and still not use it as the issue gets critical, I say I would be a complete total shithead.

If you study the behavioral pattern of these people in charge of this forum, you will see they outright ignore such a solution, by totally not talking about it.

Something to hide?

Edit:
Do you ever realize this?
Do you ever realize that if email confirmation feature is in place, there would be no problem even if there is crossmatch of passwords between different websites?
Do you know why?
I will let you tell me (or contradict me) why, before I tell you why it works.

Edit #2:
By the way, the only security crap I ever know of, is the excuses that some of you keep giving me to justify not solving the problem.
pixie85
Hero Member
October 15, 2017, 11:09:29 AM
 #23

If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck is the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Hacked database is probably the most plausible explanation for this wave of hacks. We have to assume that some of the accounts have given fake email addresses that they never registered, which allowed the "hackers" who got the database to check and possibly take over those addresses and reset their passwords. Also, some people never changed their passwords after the leak, making the job easy for the thieves.

What remains to be explained is the newer accounts being hacked, those that were registered after the database leak.  

Anyway, we can safely drop the theymos is stealing accounts and selling them theory. Roll Eyes

Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.

I'll do that. Just hope he won't make us wait another year.
khufuking
Sr. Member
October 15, 2017, 12:17:41 PM
 #24

Stating that there should be some work done to ensure more security for the forum is totally okay, but going so far as to say that the hacked accounts are an inside job is probably one of the dumbest things I have ever come across. You know that this forum is the biggest cryptocurrency forum in the world? You know that this forum is probably worth millions of dollars? You accuse someone who owns a forum that is worth a lot of money of stealing accounts worth pennies compared to what he has. There is no logic in your talk.
DarkArmy
Member
October 15, 2017, 12:29:16 PM
 #25

If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck is the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Hacked database is probably the most plausible explanation for this wave of hacks. We have to assume that some of the accounts have given fake email addresses that they never registered, which allowed the "hackers" who got the database to check and possibly take over those addresses and reset their passwords. Also, some people never changed their passwords after the leak, making the job easy for the thieves.

What remains to be explained is the newer accounts being hacked, those that were registered after the database leak.  

Anyway, we can safely drop the theymos is stealing accounts and selling them theory. Roll Eyes

Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.

I'll do that. Just hope he won't make us wait another year.



"What remains to be explained is the newer accounts being hacked, those that were registered after the database leak."

That too has a simple explanation. Example: search user "theymos_after_db_leak_fake_username"
Found in Database: websitehackedrecently.com (2017-03-18)
Username: xxx
Password: xxx

The accounts, while not in the Bitcointalk database, may very well be in another database which was cross-searched to find the details. Only a very limited number of people (excluding database lookups) have access to the Bitcointalk database as far as I know, and an even smaller number of people have the motive/ability to crack the hashes from the database (pretty strong encryption, needs a lot of power to even bother. SHA1 multiple rounds from what I remember.), so old accounts would probably be hacked using details from a newer database leak too, as people tend to reuse passwords/use the same number of passwords.

Dorkie (OP)
Member
October 15, 2017, 01:46:01 PM
 #26

Stating that there should be some work done to ensure more security for the forum is totally okay, but going so far as to say that the hacked accounts are an inside job is probably one of the dumbest things I have ever come across. You know that this forum is the biggest cryptocurrency forum in the world? You know that this forum is probably worth millions of dollars? You accuse someone who owns a forum that is worth a lot of money of stealing accounts worth pennies compared to what he has. There is no logic in your talk.

Who knows what exactly is/are the reason(s) why such account hack is so widespread?
It could be money. It could be several other reasons.
You might as well ask why would the hackers choose to hack an old account instead of registering a new one.
Older accounts pay more in ICO bounty program?
Or are they taking over old accounts to create false sentiments?
My hacked Dorky account is promoting stratis, bitcoin, and genesis vision.
Another hacked account may promote the same thing.
If you are a total noob, you would be somewhat swayed to consider stratis, bitcoin, and genesis vision.
Some system somewhere else may monitor this website comment hit and start reporting that stratis, bitcoin, and genesis vision are very popular and is a buy.
If you have 1000+ hacked accounts doing similar things in a concerted way, you will have a synthetic fake community that can drive sentiments.

Besides, you guys keep talking about why this is not an inside job, about database leak, etc etc.
By right you guys should focus on this ---> email confirmation.

I will continue to bring this up until you guys are fucking fed up.
Dorkie (OP)
Member
October 15, 2017, 01:59:50 PM
 #27

To keep talking about what could be the source/vulnerability of the hacking is one thing.

To stop further hacking right away from now onward is another.


You guys endlessly focusing on the former and totally ignore the latter, while account hacks are ongoing.

You guys are totally incompetent.

I am confident enough to say that despite not being a tech guy, I can be far more technically competent than any of you.
And telling me to go away if I don't like this forum is not exactly conducive to solving the problem.
Even if I do not exist, it is still your responsibility to set things right.

Otherwise, if you want to prove me wrong, then all you need to do is shut the fuck up and take the right action to stop the ongoing hacking right this instant.

You guys are a bunch of pathetic incompetence.

Useless, is what I can describe of you.
DarkArmy
Member
October 15, 2017, 02:07:10 PM
 #28

To keep talking about what could be the source/vulnerability of the hacking is one thing.

To stop further hacking right away from now onward is another.


You guys endlessly focusing on the former and totally ignore the latter, while account hacks are ongoing.

You guys are totally incompetent.

I am confident enough to say that despite not being a tech guy, I can be far more technically competent than any of you.
And telling me to go away if I don't like this forum is not exactly conducive to solving the problem.
Even if I do not exist, it is still your responsibility to set things right.

Otherwise, if you want to prove me wrong, then all you need to do is shut the fuck up and take the right action to stop the ongoing hacking right this instant.

You guys are a bunch of pathetic incompetence.

Useless, is what I can describe of you.

Right, but ignorance is bliss. You seem to have done nothing before getting hacked yourself. Hence the reason no one else seems to care for now. They have the "it won't happen to me" mindset. I'd love to see the forum become more secure, but as for right now I don't see it happening - especially with a new forum coming out (?).

Dorkie (OP)
Member
October 15, 2017, 02:11:32 PM
 #29

Right, but ignorance is bliss. You seem to have done nothing before getting hacked yourself. Hence the reason no one else seems to care for now. They have the "it won't happen to me" mindset. I'd love to see the forum become more secure, but as for right now I don't see it happening - especially with a new forum coming out (?).

Shifting the blame on me does not free you from your own responsibilities.
Or should I say, shifting the blame on me does not free the admin/moderators from their own responsibilities.

Meditate on that.

Old forum. New forum. Means nothing to me. This old forum can be made to be as good as new.
Anyone who says it can't be done, is useless.
Dorkie (OP)
Member
October 15, 2017, 02:19:16 PM
 #30

When I suggested email to be immutable, Lauda the jackass came forward and said I am naive because pretty much every website allows email change.

So I want to ask this Lauda the jackass another question.

Pretty much every website uses an email confirmation feature as part of its security, but why the fucking hell isn't this forum doing the same?
Lauda
Legendary
October 15, 2017, 03:02:38 PM
 #31

Assuming you read this all as sarcasm, [...]
Thanks for cheering up my sunday morning.  Grin
I actually thought he was serious reading the first sentence or two, but that was before I had drunk my cup of coffee. Excellent reply indeed.

That article was also written by a conspiracytard. Some idiots just don't like the truth so fiction is more sexy.
It was you all along, I knew it! Roll Eyes

So I want to ask this Lauda the jackass another question.
Thanks for the compliment.

LFC_Bitcoin
Legendary
October 15, 2017, 03:24:00 PM
 #32

There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoin’s if not more, they won’t be pissing around selling accounts for fuck all.

Dorkie (OP)
Member
October 15, 2017, 05:12:30 PM
Last edit: October 15, 2017, 05:26:10 PM by Dorkie
 #33

There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoin’s if not more, they won’t be pissing around selling accounts for fuck all.

They are probably not hacking the accounts to be sold for money.
They are probably hacking them to replace the real owners with fake entities as part of a fake community to create the desired trends/sentiments.

Edit:
Or they are probably doing it for higher pay in bounty program.
If you want to know the actual reason why the hacking operation is ongoing for so many years, you can try to get in contact with one of the hackers and ask him/her direct.

Edit #2:
Additionally, if you want to know how is it possible for the hacking to be ongoing for so long and unstoppable, someone at the top may be thinking, "That's because an asshole like you never stack your bitcoin address here. We accept only signed bitcoin message as the ultimate one and only Mark of the Beast crypto Jewish Israel solution under the order of the Rothschilds. If you scum try to suggest any other solution to solve the hacking, let me tell you scum all of them are 100% invalid, no matter if every other websites are using them."

Edit #3:
Another shadow elite entity may also say to you, "Hey cockroach, we are trying to set a trend whereby everyone in the world will see and accept signed bitcoin message as the ultimate one and only method of validation. This will lay the right foundation and perception that bitcoin is the only way acceptable and should be worshiped. Yeah, I know there are solutions out there that work as well, but scum, they are not part of our network."

Edit #4:
I myself would say, "Hey asshole, selling hacked account for money is not the main point. The main point is why are they allowing the hacking to continue for so many years unstoppable, despite having the right solution in place to stop such hack in the very first place. But instead, they keep telling you to stay in line with a signed bitcoin message."
kenzo tamasaki
Newbie
October 15, 2017, 05:36:53 PM
 #34

All of my 3 Sr Member accounts had gmx emails and all of the 3 emails didn't work. Password incorrect. Probably all expired. Don't use gmx accounts, use gmail or protonmail because they don't expire.

I told all my friends with accounts here to change their gmx account. Caution with this, a lot of people use gmx, even satoshi did (and his account got hacked too)
otrkid70
Hero Member
October 15, 2017, 10:19:55 PM
 #35

There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoin’s if not more, they won’t be pissing around selling accounts for fuck all.

Technically speaking...the Money "Flowing" through here does not Belong to theymos. It belongs to the Forum

When it comes to money people do stupid things to attain it so i wouldn't rule out any "Theories"
Dorkie (OP)
Member
October 16, 2017, 03:50:41 AM
Last edit: October 16, 2017, 04:04:14 AM by Dorkie
 #36

The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).

Thus, no matter what I do, will still be no use.

Their policy insisting on stacked address and signing message with it is to bring forth a trend that will be used by the Beast.


Edit:
Here's what I found so far...
1. Account hacking is an ongoing and unstoppable operation dating back to more than 4 years ago, potentially since the start of this forum.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
3. Admin insist the one and only way anyone can ever recover his account is thru stacked address and signing a message with it.

If this doesn't give me the impression of a real conspiracy, I don't know what does.
actmyname
Copper Member
Legendary
October 16, 2017, 05:31:35 AM
 #37

The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).
There have been cases where accounts have been recovered using other means. Not too long ago, either. If you've actually dug around enough then you would have seen such threads.
In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
And the JS captcha for logins was added because...?

Dorkie (OP)
Member
October 16, 2017, 06:16:58 AM
 #38

The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).
There have been cases where accounts have been recovered using other means. Not too long ago, either. If you've actually dug around enough then you would have seen such threads.
In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
And the JS captcha for logins was added because...?

You are saying email confirmation is not in place because some people don't want to use an email address to register an account.

Wow, I assume you expect me to accept your answer as a very valid and logic one, no?


For your information, captcha for logins is to prevent bots. The captcha itself does not in any absolute sense prevent any hacking.

Edit:
Lauda the jackass said it himself/herself, that the ultimate one and only way to recover an account is thru signed btc message with a stacked address.
Dorkie (OP)
Member
October 16, 2017, 08:24:42 AM
 #39

In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.

Bullshit answer.

The truth is...
1. Email confirmation should be in place because a lot of people want it, as it is also widely used and proven safe.
2. A lot of people don't want (or don't even know/aware of it) the hassle of staking their btc address and signing message with it, that's why it should not be in place nor rigidly enforced.



Pretty much every legitimate website is using email confirmation as a security feature. Why the fucking hell this forum refuse to use the same?
Few of my deleted posts here already revealed the answer why.
BRNSTYLE
Full Member
October 16, 2017, 08:34:39 AM
 #40

Hey, Dorkie.
It seems you’re quite upset/obsessed with it and I think you should back off a little nevertheless I can’t blame you for being unconvincing in some of your statements.
Hope you’ll succeed in recovering your account.       