Meuh6879-1 (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 15, 2017, 10:51:32 AM Last edit: October 15, 2017, 02:25:00 PM by Meuh6879-1 |
|
Hello, I have lost the access to my account : Meuh6879 at ~9h00 GMT Password has been changed without my agreement : https://bitcointalk.org/seclog.phpI have send a PM to theymos with a couple of private informations to recover this account (i use a temporary username & temporary email in this thread). Strangely, i don't receive the email with a password reset link. If you can't recover the Meuh6879 from the PM privates informations (perhaps, it's not enough or too long), i want that you delete the Meuh6879 account instead.
|
|
|
|
KWH
Legendary
Offline
Activity: 1904
Merit: 1045
In Collateral I Trust.
|
|
October 15, 2017, 10:55:43 AM |
|
Hello, I have lost the access to my account : Meuh6879 at ~9h00 GMT Password has been changed without my agreement : https://bitcointalk.org/seclog.phpI have send a PM to theymos with a couple of private informations to recover this account (i use a temporary username & temporary email in this thread). Strangely, i don't receive the email with a password reset link. If you can't recover the Meuh6879 from the PM privates informations (perhaps, it's not enough or too long), i want that you delete the Meuh6879 account instead. Read the sticky in Meta.
|
When the subject of buying BTC with Paypal comes up, I often remember this:
Insanity: doing the same thing over and over again and expecting different results.
Albert Einstein
|
|
|
Meuh6879-1 (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 15, 2017, 11:33:08 AM |
|
The problem is that i never :
- write a bitcoin address on the forum - write a magic word to retrieve the account - change the password or ask for this - change the email
Must i re-write an other PM to cyrus with the privates informations like the PM to theymos ?
|
|
|
|
YuginKadoya
Legendary
Offline
Activity: 3038
Merit: 1169
|
|
October 15, 2017, 11:50:05 AM |
|
The problem is that i never :
- write a bitcoin address on the forum - write a magic word to retrieve the account - change the password or ask for this - change the email
Must i re-write an other PM to cyrus with the privates informations like the PM to theymos ?
Wow! a legendary account that is so sad to know that a legendary account would be hack in the forum, I really feel you man but I think you need to PM theymos the proper information that he needed to simply make a change password request, I think you should read this link https://bitcointalk.org/index.php?topic=990345.0 And simply read much information needed if possible I think this could really answer what you want to know.
|
|
|
|
EpicFail
Member
Offline
Activity: 94
Merit: 10
|
|
October 15, 2017, 12:03:57 PM |
|
The problem is that i never :
- write a bitcoin address on the forum
If the only way to reset a password through the admin is with a signed message then perhaps the forum should capture a read-only addresses when a user first signs up. This address can never be changed. Asking somebody produce a staked an address after they lost their account seems less than ideal.
|
|
|
|
Meuh6879-1 (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 15, 2017, 01:02:58 PM |
|
Oki.
|
|
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3612
Merit: 9996
#1 VIP Crypto Casino
|
|
October 15, 2017, 01:36:13 PM |
|
This sucks buddy, I’ve seen you post on the forum many times. I don’t think you’ll be able to get your account back unless you can sign a message from an address known to be yours. Have you ever participated in a signature campaign? Can you sign a message from an address you used to receive payment?
|
|
|
|
Meuh6879-1 (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 15, 2017, 01:44:16 PM |
|
Well, it's life. Not a big deal.
No, i never write an bitcoin address on the forum ... so, no signature campaign, too.
My concern is, actually, for the security of the forum in its enterity. If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).
Perhaps, the auto-logoff with timer have been implemented for this ... problem ? I use the setting "always connect" so the forum only ask the password 1 time every 1 month.
|
|
|
|
superresistant
Legendary
Offline
Activity: 2142
Merit: 1130
|
|
October 15, 2017, 01:56:45 PM |
|
WTF is going on ? Is this a massive hack ? https://bitcointalk.org/seclog.phpWhile I'm here -----BEGIN BITCOIN SIGNED MESSAGE----- This is superresistant from bitcointalk.org and today is 15/10/17 or as some of you might write it 2017.10.15 -----BEGIN SIGNATURE----- 1super42STHYmJbkRDUqR6oAr7hzJyN2i G/78poq2G+AmiOVw6l6mWwiXn1xH0M520zAeuMY4vHjZCUGdiqwH8IOfijglwGvKgNYjhlUgSAp3O7pA1o8sRZc= -----END BITCOIN SIGNED MESSAGE-----
|
|
|
|
Karartma1
Legendary
Offline
Activity: 2310
Merit: 1422
|
|
October 15, 2017, 04:53:08 PM |
|
Well, it's life. Not a big deal.
No, i never write an bitcoin address on the forum ... so, no signature campaign, too.
My concern is, actually, for the security of the forum in its enterity. If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).
Perhaps, the auto-logoff with timer have been implemented for this ... problem ? I use the setting "always connect" so the forum only ask the password 1 time every 1 month.
Sorry to say man but that's a really bad choice! I log for 60 minutes only and I start again if I need. I empty the cache and use the eraser every time I come here. I use VPN connection when connectin to Bitcointalk when I am abroad or away from home. I actually do not have a single password saved on my browsers and I do not use password managers. I'm a crazy old nut having to remember dozens of passwords.
|
|
|
|
yefi
Legendary
Offline
Activity: 2842
Merit: 1511
|
|
October 15, 2017, 05:03:43 PM |
|
Well, it's life. Not a big deal.
No, i never write an bitcoin address on the forum ... so, no signature campaign, too.
My concern is, actually, for the security of the forum in its enterity. If someone can change the password without an email confirmation ... it's not good (not lost password, change only !).
Perhaps, the auto-logoff with timer have been implemented for this ... problem ? I use the setting "always connect" so the forum only ask the password 1 time every 1 month.
That's exactly what happened to me. Auto-logged on for months, then I load a page one day and I'm logged out, and the password has been reset without email notification. The password I used should've been of sufficient complexity to prevent brute-force through the web interface as well.
|
|
|
|
coolcoinz
Legendary
Offline
Activity: 2702
Merit: 1152
|
|
October 15, 2017, 05:25:40 PM |
|
WTF is going on ? Is this a massive hack ? https://bitcointalk.org/seclog.phpWhile I'm here -----BEGIN BITCOIN SIGNED MESSAGE----- This is superresistant from bitcointalk.org and today is 15/10/17 or as some of you might write it 2017.10.15 -----BEGIN SIGNATURE----- 1super42STHYmJbkRDUqR6oAr7hzJyN2i G/78poq2G+AmiOVw6l6mWwiXn1xH0M520zAeuMY4vHjZCUGdiqwH8IOfijglwGvKgNYjhlUgSAp3O7pA1o8sRZc= -----END BITCOIN SIGNED MESSAGE----- Quoted for reference, although there's a thread for that. As for the massive hack I've seen a lot of password resets via email in a short period of time. You can find days in the seclog when there was nothing going on and then like 12 email resets in 30 min. I'm pretty sure most of them was a single hacker plowing through them. That's exactly what happened to me. Auto-logged on for months, then I load a page one day and I'm logged out, and the password has been reset without email notification.
The password I used should've been of sufficient complexity to prevent brute-force through the web interface as well.
Have you changed it after the leak? It might be a good idea to rotate passwords every 6 months in the current state of affairs
|
|
|
|
yefi
Legendary
Offline
Activity: 2842
Merit: 1511
|
|
October 15, 2017, 07:57:32 PM |
|
Have you changed it after the leak? It might be a good idea to rotate passwords every 6 months in the current state of affairs Yes, for sure. To crack this one they'll need a quantum computer.
|
|
|
|
Cyrus
Ninja
Administrator
Legendary
Online
Activity: 3850
Merit: 3071
|
|
October 16, 2017, 02:18:07 AM |
|
The account does look hacked. I have locked it for now.
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
October 16, 2017, 11:22:15 AM Last edit: October 16, 2017, 11:37:31 AM by Meuh6879 |
|
OK, successfully recovery. Thanks to the moderators team. Please, delete or lock the "Meuh6879-1" ... i will never use it.
|
|
|
|
|