Bitcoin Forum
December 11, 2017, 11:51:59 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: 1 2 [All]
  Print  
Author Topic: WARNING - MTGOX HACKING CONTINUES READ INSIDE NOW  (Read 5957 times)
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 11:39:05 PM
 #1

Hi,

I just had notification that someone on

80.237.226.75
aka
tor5.anonymizer.ccc.de  (a TOR node, aka anonymous making onion routing network)

tried to reset my MtGox password via email.

THIS IS LIKELY HAPPENING EN MASSE TO ALL MTGOX USERS!

Please be aware that your MtGox account is _STILL_ at risk and that although it is not MtGox's fault, you should ASAP change all of your email addresses and passwords to new, non-guessable entries so that your MtGox account won't be hacked/stolen.



Edit:
This email with 100% certainty arrived at the NEW email address I entered on the claims page.
So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party(option A), but someone else's mail(option B), then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.



End of PSA.

Ho-Hum.
1513036319
Hero Member
*
Offline Offline

Posts: 1513036319

View Profile Personal Message (Offline)

Ignore
1513036319
Reply with quote  #2

1513036319
Report to moderator
1513036319
Hero Member
*
Offline Offline

Posts: 1513036319

View Profile Personal Message (Offline)

Ignore
1513036319
Reply with quote  #2

1513036319
Report to moderator
1513036319
Hero Member
*
Offline Offline

Posts: 1513036319

View Profile Personal Message (Offline)

Ignore
1513036319
Reply with quote  #2

1513036319
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513036319
Hero Member
*
Offline Offline

Posts: 1513036319

View Profile Personal Message (Offline)

Ignore
1513036319
Reply with quote  #2

1513036319
Report to moderator
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 28, 2011, 11:40:28 PM
 #2

This is merely a phishing email. NO DOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 28, 2011, 11:46:52 PM
 #3

Hi,

I just had notification that someone on

80.237.226.75
aka
tor5.anonymizer.ccc.de  (a TOR node, aka anonymous making onion routing network)

tried to reset my MtGox password via email.

THIS IS LIKELY HAPPENING EN MASSE TO ALL MTGOX USERS!

Please be aware that your MtGox account is _STILL_ at risk and that although it is not MtGox's fault, you should ASAP change all of your email addresses and passwords to new, non-guessable entries so that your MtGox account won't be hacked/stolen.


End of PSA.


I think that was me ^_^.

loljk

Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 11:50:57 PM
 #4

This is merely a phishing email. NO DOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

You had me going for a second there..but no, this email arrived to the NEW address that I added AFTER the claim/reset page.

So either that got leaked, or it was indeed a password reset attempt.

Ho-Hum.
proudhon
Legendary
*
Offline Offline

Activity: 1260



View Profile
June 28, 2011, 11:53:25 PM
 #5

This is merely a phishing email. NO DOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

You had me going for a second there..but no, this email arrived to the NEW address that I added AFTER the claim/reset page.

So either that got leaked, or it was indeed a password reset attempt.

It'd be nice if they'd put announcements on MtGox notifying users of this sort of thing.
godofal
Full Member
***
Offline Offline

Activity: 160


TACNAYN - destroyer of worlds


View Profile
June 28, 2011, 11:56:53 PM
 #6



I think that was me ^_^.

loljk

lol'd

AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 29, 2011, 12:00:13 AM
 #7

Even if it were real it dosen't count as hacking...  and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.  Roll Eyes
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:03:20 AM
 #8

Even if it were real it dosen't count as hacking...  and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.  Roll Eyes

My point was to warn people to change the password to their email accounts if they haven't done so already.
I'm aware that anyone who had one of the leaked lists could just mass-request password recovery via either username or email account; that's kind of what I am saying in the first place.


--
I like the part where the community's first reaction to someone trying to spare some people a loss of their account is "LULZ"  and "BLahrblerpyeawhatever".

And I thought I was a troll to the BTC userbase.

Ho-Hum.
AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 29, 2011, 12:04:31 AM
 #9

This is merely a phishing email. NO DOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

You had me going for a second there..but no, this email arrived to the NEW address that I added AFTER the claim/reset page.

So either that got leaked, or it was indeed a password reset attempt.

It'd be nice if they'd put announcements on MtGox notifying users of this sort of thing.

They did say this more than a week ago "DO NOT DOWNLOAD ANYTHING

If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM."
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:05:45 AM
 #10

Quote
They did say this more than a week ago "DO NOT DOWNLOAD ANYTHING

If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM."

The mail simply said to report back to them if this request was made fraudulently and listed the IP address of the guy who tried it => the one I posted in the OP.


Maybe someone could get an official comment and see whether Mt.Gox@w001.mo.us.xta.net is a "proper" MtGox email address / domain or fake, too.

Ho-Hum.
Adam
Full Member
***
Offline Offline

Activity: 238


View Profile
June 29, 2011, 12:06:19 AM
 #11

Who cares if people can do mass recovery though, since they can't access your e-mail it doesn't do anything?  That's why all those e-mails just say if you didn't request to reset your password just delete the e-mail.  Not exactly a big security flaw.

BattleTitans.io  ▼  Mobile PvP Arena of the Future  ▼  BattleTitans.io
The Most Promising ICO in October    [Join Now!]

▼  [FB]  ▬  [TW]  ▬  [TG]  ▬▬▬  [YU]  ▼
EricJ2190
Full Member
***
Offline Offline

Activity: 134


View Profile
June 29, 2011, 12:07:53 AM
 #12

This is merely a phishing email. NO DOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

It might not be a phishing email. Somebody has been requesting password resets on a number of Mt. Gox users, myself included. But either way, you should probably just ignore it.
AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 29, 2011, 12:08:41 AM
 #13

Even if it were real it dosen't count as hacking...  and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.  Roll Eyes


I like the part where the community's first reaction to someone trying to spare some people a loss of their account is "LULZ"  and "BLahrblerpyeawhatever".

And I thought I was a troll to the BTC userbase.

I like the part where you make unsubstantiated fear mongering claims in the topic title in all caps then reiterate something everyone on here already knows and has read 100's of times this past week "change your password".

Just sayin.
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:08:48 AM
 #14

Who cares if people can do mass recovery though, since they can't access your e-mail it doesn't do anything?  That's why all those e-mails just say if you didn't request to reset your password just delete the e-mail.  Not exactly a big security flaw.

Okay, I admit, I put this OP and thread in simple and broad enough terms.

What I was saying was: If your old email password is still the same as it was before reclaiming your account, change it.

If you did not, you are still at risk of whoever may have gotten into your MtGox possibly also having your email password(if, for example, you used the same one for MtGox or it got bruteforced/guessed then already).

Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

Ho-Hum.
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:10:55 AM
 #15

Quote
I like the part where you make unsubstantiated fear mongering claims

Either a) some is blindly trying to recover account passwords via reset attempts or b) someone is mass-mailing people.

How is either of those things if it is actually real and happening "unsubstantiated"?
It's one of the two. I got the mail.

Something is happening by people who are not well-willed towards normal users, I posted about it.

You on the other hand are just being a dick about trying to tell people to be vigilant/safe.



Ho-Hum.
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 29, 2011, 12:11:54 AM
 #16

Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

The problem is it's kind of like yelling "FIRE! FIRE... If I put my hand in my pocket and pull out my lighter I can make FIRE"
einsteinx2
Newbie
*
Offline Offline

Activity: 27


View Profile
June 29, 2011, 12:13:53 AM
 #17

Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

No the common reaction is "Fuck you for fearmongering". Obviously everyone should be using a new password. Mt. Gox themselves made that pretty clear on top of it being common sense. But "WARNING - MTGOX HACKING CONTINUES READ INSIDE NOW" is a fearmongering title, plain and simple. That's why people reacted the way they did.
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:15:57 AM
 #18

One other thing:

This email with 100% certainty arrived at the NEW email address I entered on the claims page.
So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party, but someone else's mail, then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.

--------


As for fearmongering: I still have my MtGox account, I still have my BTC in there and I still have my money in there.

I don't see why I would be or should be fearmongering, let alone what good it would be to me, personally. So WTF people.

It's a warning. It says warning. That's what it is supposed to be. If warning someone causes fear instead of awareness then that's up to the person receiving the warning.

I tried to lay out what's happening. I made a suggestion for safety.
I did not suggest panicking, selling all BTC and closing the account.

See the difference?

Ho-Hum.
AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 29, 2011, 12:19:51 AM
 #19

One other thing:

This email with 100% certainty arrived at the NEW email address I entered on the claims page.
So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party, but someone else's mail, then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.

--------


See now that's highly important information that should have been included in the original post.
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:23:45 AM
 #20

Quote
See now that's highly important information that should have been included in the original post.

No I think our time would be much better spent with every single contribution other than mine basically trying to negatively sanction any attempts at rooting out risks towards real money, BTC and accounts while I get my mind boggled by that some more.

Ho-Hum.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
June 29, 2011, 12:31:02 AM
 #21

One other thing:

This email with 100% certainty arrived at the NEW email address I entered on the claims page.
So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party, but someone else's mail, then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.

--------

I've registered at MtGox after they restored their service. Have not got any emails or phishing attempts
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 12:35:51 AM
 #22

I suspect the people targeted(if it was more than just me, who knows how much or little they tried) are those that were part of the leaked DBs and lists.

If you're a "newly joined", you should not be in those.

Would love to hear some official word on this, even if - hopefully - this is all just a "storm in a waterglass" as opposed to anything really/truly dangerous.

I mostly want to know my (new) data isn't compromised and that this was indeed their official notification email.

Ho-Hum.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
June 29, 2011, 12:50:19 AM
 #23

Then it doesn't make sense to me. you said you provided mtgox with the new email after claims site was open to reset password and that you got this email to your newly provided email addie. if that true how newly created accounts defer from your account with newly provided email?  if db was hacked and there are phishing attempts then I'm sure my email would be target as well.   if the email is indeed from mtgox, then someone is targeting your account specifically, i'm not sure if they used your old email address to try to reset the password and mtgox's system somehow associated it with your newly provided email and sent it there.  


please post complete email including headers, you can xxxx your email addie in it
sebdude420
Sr. Member
****
Offline Offline

Activity: 364

Bitcoin Hero


View Profile WWW
June 29, 2011, 01:20:26 AM
 #24

if i was you i would change your MT.Gox account Completely.

New email associated with it, new name, and send/receive adressing.

i would not trust using my old accounts. im in the process of remaking all my accounts that were associated with that mtgox hack incident.


NO_SLAVE
Jr. Member
*
Offline Offline

Activity: 56


DEBT IS SLAVERY


View Profile
June 29, 2011, 01:26:23 AM
 #25


Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

yeh, no good deed goes unpunished, especially with heathens.
Klestin
Hero Member
*****
Offline Offline

Activity: 494


View Profile
June 29, 2011, 01:39:31 AM
 #26

Someone visited the "Forgot Password" page (https://mtgox.com/users/forgot) at Mt.Gox and entered your email or username?

So?   Huh
jgraham
Full Member
***
Offline Offline

Activity: 140


<Pretentious and poorly thought out latin phrase>


View Profile
June 29, 2011, 01:49:24 AM
 #27

Even if it were real it dosen't count as hacking...  and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.  Roll Eyes

My point was to warn people to change the password to their email accounts if they haven't done so already.
I'm aware that anyone who had one of the leaked lists could just mass-request password recovery via either username or email account; that's kind of what I am saying in the first place.


--
I like the part where the community's first reaction to someone trying to spare some people a loss of their account is "LULZ"  and "BLahrblerpyeawhatever".

And I thought I was a troll to the BTC userbase.
Uh...step me through this one.   Ok someone knows your username (because it was in the DB that's sitting, among other places on my HD) and they go here: https://mtgox.com/users/forgot and type it in.   Then Mt. Gox sends an email with a confirmation # to your email address.

Now because of this you are saying we should change our passwords on our email accounts?

Why exactly?  If they're using the "forgot" page they don't even know your email address and unless your email address had the same password as your old Mt. Gox account they have little chance of guessing it.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 29, 2011, 09:41:48 AM
 #28

Quote
Now because of this you are saying we should change our passwords on our email accounts?

Why exactly?  If they're using the "forgot" page they don't even know your email address and unless your email address had the same password as your old Mt. Gox account they have little chance of guessing it.

There was some vivid discussion over here http://forum.bitcoin.org/index.php?topic=23705.0 where the list of hacked passwords was published whether it was possible they could all have been brute forced.

Whether someone manages to get your email login via brute force, dictionary or social hacking/phishing, they could one way or another gain access to it(unless you are implying email accounts are the most unhackable thing in the world).

Having a strong and new email password is bad and a turrrrribull hassle(this is how it seems to be portrayed at the moment) how?


Anyway, I'm done with this thread.
In the future everyone can go suit themselves and I'll keep any heads-up about security issues to myself.

Ho-Hum.
jgraham
Full Member
***
Offline Offline

Activity: 140


<Pretentious and poorly thought out latin phrase>


View Profile
June 29, 2011, 11:55:06 AM
 #29

There was some vivid discussion over here http://forum.bitcoin.org/index.php?topic=23705.0 where the list of hacked passwords was published whether it was possible they could all have been brute forced.
Yes, I have the password file and I've run it through oclHashcat too.

Quote
Whether someone manages to get your email login via brute force, dictionary or social hacking/phishing,
No, I'm saying that "brute forcing" in the thread refers to recalculating the hashed passwords in the password file.  Unless your email password is the same as the one you used on Mt. Gox you are now talking about a completely different kind of attack.  For which the chances of success are equal to whatever measures are in place by your email provider, how easily you fall for a social engineering/phishing attack and the strength of your password.   Unless the password you have on your email right now is weak or the same as your Mt. Gox password.   There is absolutely no advantage in changing it.

Quote
Having a strong and new email password is bad and a turrrrribull hassle(this is how it seems to be portrayed at the moment) how?

No, it's just that the only useful advice one can extract from your statements are:

i) Change your password if it was the same as your old Mt. Gox password.  Advice that was given my Mt. Gox ages ago
ii) If your password for your email is weak.  Change it.  Advice that is probably older than you are


I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
Pages: 1 2 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!