Email security notifications

[theymos]

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

[1714959229]

1714959229

[1714959229]

1714959229

[1714959229]

1714959229

[Dorkie]

You should have implemented this long ago.

Too bad for me, you implement this only after my account got hacked.
My hacked Dorky account underwent both password and email change less than 14 days ago.
And the last time I check my old email inbox, I don't see any notification there.
I suppose it is now 100% gone.

Update:
So I received notification to this "Dorkie"
But I received no notification to "Dorky" when I try to recover password for this username.
The old email address used by "Dorky" is the same as I used it with this account.

Update #2:
Pissed that my Dorky account lost to this.
Nevertheless let's hope this added security notification will help to significantly reduce (if not totally eliminate) all account hacking.
It may not be able to save my "Dorky", but at least it may save many other accounts from now onward.

[Meuh6879]

Whenever your password is changed (except by an administrator), you will get an email about it.

Verified , no problem, email received if password is changed.

+logout
+login to test changed password
= no problem.

+forgot password link
+email received to reset password
+change password
= no problem.

[Meuh6879]

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account.
The link is valid for 14 days.

Verified, no problem.

email with LOCK command work great for my temporary account already banned after the successful recovery.

[Globb0]

Thanks Theymos this great news since we seem to be under attack a lot.

[kakawin]

Great thing to improve security! I hope there won't be so much hacks now. Thanks for your work!

P.S.
I've just tried it. No bugs have been spotted.

[_javier_]

i wish this was applied some days ago.. my hero account was stolen, it was "_javi_"

i pm´ed theymos but no response yet.
I cant sign a msg cause i didnt have a linked btc address. But i have a huge list of emails for the PM i got since 2014.. doesnt it prove ownership??

 if you look at _javi_ latest post, its SO obvious that it was stolen.. or i learned to write in a weird language i cant even recognize.. changed my email.. and changed avatar for "eidoo whatsoever" (get ready for the scam)
https://bitcointalk.org/index.php?action=profile;u=144120;sa=showPosts
(my last post was October 13, 2017, 04:52:58 PM)

theymos, Cyrus.. if you still read this thread.. plz take a look at my case.

[AmXProX]

This is a great addition to the security features of our accounts.

It will also prevent or at least lessen the number of members selling their bitcointalk account.

[maeusi]

Many thanks, theymos, for this new security feature. It is also good, that for changing email address no confirmation but locking link will be sent, because for some reasons it could be, that email is lost or a change for other reasons necessary.

[jojo69]

thanks theymos

[chencho777]

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days...

PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

Thanks again!

[maeusi]

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Hooray! This was a MUCH needed feature. Hope I can recover my hacked account in the coming days...

PS Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

Thanks again!

That brings me a question in mind and I don't want to try out:
What will happen, if I locked my account? Can I then reset the password via email or must admin unlock?

[Meuh6879]

admin must unlock.
and hacker can not use the account (with the new email).

Ban and Lock is not the same feature.
Ban invalidate the email, you can not use this email.

So, it's good ... Ip & email can be blacklist after.

[maeusi]

admin must unlock.
and hacker can not use the account (with the new email).

Ban and Lock is not the same feature.
Ban invalidate the email, you can not use this email.

So, it's good ... Ip & email can be blacklist after.

So its still the same procedure (signed message) to get the account back (unlocked) with old email address?

[Dorkie]

Would it be possible to send this notification to accounts which changed password in the last, say 14 days or so? So we can recover them by ourselves?

I tried that on my hacked account. No.

[Quickseller]

your old email will get an email about it with a link to lock your account.

What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?

[theymos]

What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?

It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised.

When you click an account-lock link, there's a paragraph explaining this.

[recovercryptotech]

What is the procedure to get your account unlocked? What amount of resources will be put into unlocking accounts?

It's on the same level as other recovery requests. So don't do it lightly. But it's better than actually allowing your account to be/remain compromised.

When you click an account-lock link, there's a paragraph explaining this.

Hello theymos,

I emailed you two days regarding my account being hacked. https://bitcointalk.org/index.php?action=profile;u=397698
It looks that it was hacked on October 15th.  You can see all the activity thats taken place since its been hacked. Random post on ICO threads, airdrops, speaking in Russian, etc.  Also looks as if he has went and deleted alot of my post.  You can see my main thread for TheCryptoChat here https://bitcointalk.org/index.php?topic=1574268.0

You added this feature for the email today but can you make that work for an account that was just compromised a 3 days ago?  I would really like to get my account back if at all possible as its been my account since 2014 and most know me by my username.  If you check your email you should see an email from me on Oct. 16th the day I noticed my account was hacked.

Hope to hear from you soon. Thanks.

[TTITA]

Thank theymos,

is this email security features can request new password if we forgot it?

[BCTBF]

Great work, I hope this feature will continue to exist to prevent and anticipate hacked accounts.
Thanks theymos.