[Hacked] Lost access saturday night.

[Meuh6879-1]

  Hello,

I have lost the access to my account : Meuh6879 at ~9h00 GMT
Password has been changed without my agreement : https://bitcointalk.org/seclog.php

I have send a PM to theymos with a couple of private informations to recover this account (i use a temporary username & temporary email in this thread).
Strangely, i don't receive the email with a password reset link.

If you can't recover the Meuh6879 from the PM privates informations (perhaps, it's not enough or too long), i want that you delete the Meuh6879 account instead.  

[KWH]

Hello,

I have lost the access to my account : Meuh6879 at ~9h00 GMT
Password has been changed without my agreement : https://bitcointalk.org/seclog.php

I have send a PM to theymos with a couple of private informations to recover this account (i use a temporary username & temporary email in this thread).
Strangely, i don't receive the email with a password reset link.

If you can't recover the Meuh6879 from the PM privates informations (perhaps, it's not enough or too long), i want that you delete the Meuh6879 account instead. 

Read the sticky in Meta.

[Meuh6879-1]

The problem is that i never :

- write a bitcoin address on the forum
- write a magic word to retrieve the account
- change the password or ask for this
- change the email

Must i re-write an other PM to cyrus with the privates informations like the PM to theymos ?

[YuginKadoya]

The problem is that i never :

- write a bitcoin address on the forum
- write a magic word to retrieve the account
- change the password or ask for this
- change the email

Must i re-write an other PM to cyrus with the privates informations like the PM to theymos ?

Wow! a legendary account that is so sad to know that a legendary account would be hack in the forum, I really feel you man but I think you need to PM theymos the proper information that he needed to simply make a change password request, I think you should read this link

https://bitcointalk.org/index.php?topic=990345.0

And simply read much information needed if possible I think this could really answer what you want to know.

[EpicFail]

The problem is that i never :

- write a bitcoin address on the forum

If the only way to reset a password through the admin is with a signed message then perhaps the forum should capture a read-only addresses when a user first signs up. This address can never be changed.

Asking somebody produce a staked an address after they lost their account seems less than ideal.

[Meuh6879-1]

https://bitcointalk.org/index.php?topic=990345.0

  Oki.

[Meuh6879-1]

Okay, i have a hacked account : https://bitcointalk.org/index.php?action=profile;u=184313;sa=showPosts

i don't have write the last post (in english) on the top of the list.
you can LOCK the username Meuh6879 to prevent spam action of the illegal (new) owner.  

[LFC_Bitcoin]

This sucks buddy, I’ve seen you post on the forum many times. I don’t think you’ll be able to get your account back unless you can sign a message from an address known to be yours.
Have you ever participated in a signature campaign? Can you sign a message from an address you used to receive payment?

[Meuh6879-1]

Well, it's life.
Not a big deal.

No, i never write an bitcoin address on the forum ... so, no signature campaign, too.

My concern is, actually, for the security of the forum in its enterity.
If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).

Perhaps, the auto-logoff with timer have been implemented for this ... problem ?
I use the setting "always connect" so the forum only ask the password 1 time every 1 month.

[superresistant]

 
WTF is going on ?
Is this a massive hack ?
https://bitcointalk.org/seclog.php

While I'm here

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is superresistant from bitcointalk.org and today is 15/10/17 or as some of you might write it 2017.10.15
-----BEGIN SIGNATURE-----
1super42STHYmJbkRDUqR6oAr7hzJyN2i
G/78poq2G+AmiOVw6l6mWwiXn1xH0M520zAeuMY4vHjZCUGdiqwH8IOfijglwGvKgNYjhlUgSAp3O7pA1o8sRZc=
-----END BITCOIN SIGNED MESSAGE-----

[Karartma1]

Well, it's life.
Not a big deal.

No, i never write an bitcoin address on the forum ... so, no signature campaign, too.

My concern is, actually, for the security of the forum in its enterity.
If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).

Perhaps, the auto-logoff with timer have been implemented for this ... problem ?
I use the setting "always connect" so the forum only ask the password 1 time every 1 month.

Sorry to say man but that's a really bad choice! I log for 60 minutes only and I start again if I need. I empty the cache and use the eraser every time I come here. I use VPN connection when connectin to Bitcointalk when I am abroad or away from home.
I actually do not have a single password saved on my browsers and I do not use password managers.
I'm a crazy old nut having to remember dozens of passwords.

[yefi]

Well, it's life.
Not a big deal.

No, i never write an bitcoin address on the forum ... so, no signature campaign, too.

My concern is, actually, for the security of the forum in its enterity.
If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).

Perhaps, the auto-logoff with timer have been implemented for this ... problem ?
I use the setting "always connect" so the forum only ask the password 1 time every 1 month.

That's exactly what happened to me. Auto-logged on for months, then I load a page one day and I'm logged out, and the password has been reset without email notification.

The password I used should've been of sufficient complexity to prevent brute-force through the web interface as well.

[coolcoinz]

WTF is going on ?
Is this a massive hack ?
https://bitcointalk.org/seclog.php

While I'm here

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is superresistant from bitcointalk.org and today is 15/10/17 or as some of you might write it 2017.10.15
-----BEGIN SIGNATURE-----
1super42STHYmJbkRDUqR6oAr7hzJyN2i
G/78poq2G+AmiOVw6l6mWwiXn1xH0M520zAeuMY4vHjZCUGdiqwH8IOfijglwGvKgNYjhlUgSAp3O7pA1o8sRZc=
-----END BITCOIN SIGNED MESSAGE-----

Quoted for reference, although there's a thread for that.
As for the massive hack I've seen a lot of password resets via email in a short period of time. You can find days in the seclog when there was nothing going on and then like 12 email resets in 30 min. I'm pretty sure most of them was a single hacker plowing through them.

That's exactly what happened to me. Auto-logged on for months, then I load a page one day and I'm logged out, and the password has been reset without email notification.

The password I used should've been of sufficient complexity to prevent brute-force through the web interface as well.

Have you changed it after the leak? It might be a good idea to rotate passwords every 6 months in the current state of affairs  

[yefi]

Have you changed it after the leak? It might be a good idea to rotate passwords every 6 months in the current state of affairs  

Yes, for sure. To crack this one they'll need a quantum computer.

[Cyrus]

The account does look hacked. I have locked it for now.

[Meuh6879]

OK, successfully recovery.
Thanks to the moderators team.  

Please, delete or lock the "Meuh6879-1" ... i will never use it.