Bitcoin Forum
November 08, 2024, 06:03:32 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 »
  Print  
Author Topic: [ANN] CoinByCall.com - Get paid in BTC for listening radio over the phone  (Read 65502 times)
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 01, 2015, 05:28:17 AM
 #561

is it just me or are the latest calls (for 2 days) not listed?
CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 02, 2015, 04:36:12 AM
 #562

CoinByCall was compromised on 29/Apr/2015. The attacker managed to steal all Bitcoins from our wallet by transferring them to his own.

He got access to the user database and changed the BTC addresses of about 110 accounts (out of 5200) to his own BTC address. He lowered the payout threshold of these accounts and after the payout mechanism got triggered, the system sent the BTC balance of about 50 user accounts to the attacker.

The system then stopped to create more transactions because the wallet didn't have any coins left.

Those ~50 users lost their Bitcoin balance. In total about 1.2 BTC were stolen.

We've restored the user database with the original users' BTC addresses and changed all passwords of all user accounts. Please perform the following steps to receive your new password via E-Mail:

1. Go to http://coinbycall.com/login
2. Enter your username at "login"
3. Enter at least 6 digits (can be anything) at "password"
4. Click on "Forgot Password?"

Your new password will then get E-mailed to you. If the E-Mail address you registered with is fake you are out of luck and your account is non-recoverable. In this case you may create a new account.

Calls were not lost.

It may take until Monday before payouts are resumed.

Although the attacker tried to hide his identity by using proxies, he made several mistakes. Therefore we were able to track the attacker down to an individual living in New England in the US. He's using Comcast to access the internet and we got several IP addresses with timestamps, for example IPv4 50.163.62.xxx on 29/Apr/2015:16:57:09 GMT+0200. His IPv6 is 2601:6:3d00:a60:f8e0:ccca:xxxx. He's got a Nexus 5 phone.

Some words to the attacker: Although the stolen amount is low, we *will* involve law enforcement and pass all documentation to them if the stolen funds are not transferred back to 1DNxMwkUt8wWoM4wfKbgySzVFsExhfWSYD by 04/May/2015. Is 1.2 BTC really worth it? Think twice about it.

We apologize for the inconvenience.
TCM
Sr. Member
****
Offline Offline

Activity: 251
Merit: 250


View Profile
May 02, 2015, 04:40:53 AM
 #563

cool story
CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 02, 2015, 04:50:23 AM
 #564

cool story

How?
INeedCoins
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
May 02, 2015, 10:54:40 AM
 #565

omg noob attacker  Undecided
pedrog
Legendary
*
Offline Offline

Activity: 2786
Merit: 1031



View Profile
May 02, 2015, 01:55:37 PM
 #566

Something is broken:

Quote
Internal Server Error

Failed to authenticate on SMTP server with username "coinbycall.donotreply@gmail.com" using 2 possible authenticators

Jay_Pal
Legendary
*
Offline Offline

Activity: 1493
Merit: 1003



View Profile
May 02, 2015, 04:35:20 PM
 #567

Something is broken:

Quote
Internal Server Error

Failed to authenticate on SMTP server with username "coinbycall.donotreply@gmail.com" using 2 possible authenticators
Same here.
Anyway, I hope you can repair the system and get the stolen btc back (preferably without using the last resort but if you need, I have my sledgehammer right here by my side. I just need a plane ticket both for me and my sledgehammer and a rental car Cheesy ).
Thank you for the update!

Best faucet EVER! - Freebitco.in
Don't Panic... - 1G8zjUzeZBfJpeCbz1MLTc6zQHbLm78vKc
Why not mine from the browser?
CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 02, 2015, 08:01:30 PM
 #568

Anyway, I hope you can repair the system and get the stolen btc back (preferably without using the last resort but if you need, I have my sledgehammer right here by my side. I just need a plane ticket both for me and my sledgehammer and a rental car Cheesy ).

Once I got his exact address I'll come back to your offer Smiley
CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 02, 2015, 08:02:15 PM
 #569

UPDATE 02/May/2015: Sorry guys, made a mistake and the "hacker" still had access to some passwords. Therefore the passwords have been changed again, please recover them once more. Sorry!

In the meantime, that guy - who calls himself Kevin Mitnick (LOL!) - tried to blackmail CBC. See http://abload.de/img/moron1sua9.png

In any case, if you are using your CBC password someplace else, indeed you should change it now.
matt4054
Legendary
*
Offline Offline

Activity: 1946
Merit: 1035



View Profile
May 03, 2015, 04:59:53 PM
 #570

Sorry about your attack, you seem to be dealing with it good.

In any case, if you are using your CBC password someplace else, indeed you should change it now.

How were the passwords hashed? This will allow us to make a self-assessment of the risks, thanks.
TCM
Sr. Member
****
Offline Offline

Activity: 251
Merit: 250


View Profile
May 03, 2015, 05:01:55 PM
 #571

What risk do you need to assess? Consider the password compromised and act appropriately.

Pro tip: If you reuse passwords at multiple sites you were doing it wrong in the first place.
Leseratte10
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
May 03, 2015, 07:16:32 PM
 #572

The passwords were not hashed but stored in plain text (or crypted reversibely).

if you do use that password somewhere else, you should change it asap.

EDIT: And they are still being saved in plain text ...

I already posted that like two months ago: Storing plain passwords is BAD.
And now, after such a hacker attack, you really should delete all the passwords from the server and implement a secure hashing algorithm for the passwords!!
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 05, 2015, 09:10:00 AM
 #573

Is it possible to get some new numbers?

All german and finnish numbers are blacklisted as far as I can see.  Undecided
Numbers of Poland and Netherlands are also blacklisted - at least for me.
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 21, 2015, 05:47:34 AM
 #574

Is this project still "active"? No reply since 5th may?
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 27, 2015, 08:18:11 AM
 #575

also the page is down... what is going on there?
CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 27, 2015, 11:27:07 AM
 #576

CBC got hacked again. Passwords were reset. Please recover your PW and verify that your BTC or LTC payout address is actually yours.
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 28, 2015, 12:48:58 PM
 #577

Hacked again? Maybe you should invest some effort into better security?
How about new finnish numbers? They are blacklisted by the most providers...
coinpr0n
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
May 28, 2015, 12:57:03 PM
 #578

Any site can get hacked, but some sites become targets and it seems yours is one since this is not the first time something like this happens. I suggest truly resolving the issue or it will just creep back in a month or two.

CoinByCall (OP)
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250


View Profile WWW
May 28, 2015, 02:02:06 PM
 #579

Any site can get hacked, but some sites become targets and it seems yours is one since this is not the first time something like this happens. I suggest truly resolving the issue or it will just creep back in a month or two.

Yes, the security hole was closed.
btcmin3r
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 29, 2015, 10:29:43 AM
 #580

Great. Hope this is will prevent further successful attacks.

What about the payout for german numbers? Why is it that low?
All other numbers are blacklisted by my provider.
It would be great if you could change numbers for netherlands, finland and so on or raise the payout for calling to germany a bit.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!