MtGox attack from Poland: accounts compromised

[indiekiduk]

I was a victim of this same attack today. I woke up to read a password reset email that I didn't request. I can't log in and the password reset link didn't work either. Although it did say in the reset email that Gox's main support days are Monday to Friday I replied to the reset email saying I didn't request it. And they got back to me in about an hour and said: "We apologize for the inconvenience caused. We have disabled the withdrawals on the account and we are investigating further on this. We will keep you updated."

I've seen 2 other forum users that got the same attack here:
https://bitcointalk.org/index.php?topic=178336.msg2721093#msg2721093
And another on reddit.
http://www.reddit.com/r/Bitcoin/comments/1i7ydk/psa_reminder_do_not_store_anything_of_value_at_a/

I think the OP's theory that someone can access Gox's password reset mails has some merit.

My reset was done from Belgium not Poland though:

request was made from:
> IP: 81.246.181.166
> Browser: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15

[1715219455]

1715219455

[1715219455]

1715219455

[1715219455]

1715219455

[1715219455]

1715219455

[1715219455]

1715219455

[shitaifan2013]

there is a german user claiming the same kind of attack:

https://bitcointalk.org/index.php?topic=255532.0

[CurbsideProphet]

Jump on irc, #mtgox, and see if you can get in touch with them that way. 

[wareen]

I was a victim of this same attack today. I woke up to read a password reset email that I didn't request. I can't log in and the password reset link didn't work either. Although it did say in the reset email that Gox's main support days are Monday to Friday I replied to the reset email saying I didn't request it. And they got back to me in about an hour and said: "We apologize for the inconvenience caused. We have disabled the withdrawals on the account and we are investigating further on this. We will keep you updated."

Exact same story here. My account should be safe though thanks to Yubikey. I'm pretty confident that neither my mail server nor my client machine was compromised but of course there's no way to be 100% sure.

I think the OP's theory that someone can access Gox's password reset mails has some merit.

+1

Here the details from my case:

Time: Sat 13 Jul 2013 07:08:17 AM GMT
IP: 173.160.58.186
Browser: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15

[bitcoinplaza]

I was a victim of this same attack today. I woke up to read a password reset email that I didn't request. I can't log in and the password reset link didn't work either. Although it did say in the reset email that Gox's main support days are Monday to Friday I replied to the reset email saying I didn't request it. And they got back to me in about an hour and said: "We apologize for the inconvenience caused. We have disabled the withdrawals on the account and we are investigating further on this. We will keep you updated."

Exact same story here. My account should be safe though thanks to Yubikey. I'm pretty confident that neither my mail server nor my client machine was compromised but of course there's no way to be 100% sure.

I think the OP's theory that someone can access Gox's password reset mails has some merit.

+1

Here the details from my case:

Time: Sat 13 Jul 2013 07:08:17 AM GMT
IP: 173.160.58.186
Browser: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15

+1
Time: Sat 13 Jul 2013 11:24:38 AM GMT
IP: 95.102.170.242
Browser: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15

[mjosephs]

OP is paranoid fuckball.

[indiekiduk]

Just to follow up, after waiting 24 hours after the original password reset was requested, I did a password reset myself and the email came instantly to my own email and was able to get back in and my balance was still there. So I'm assuming (along with another reddit user) they didn't manage to get into the accounts at all, just for some reason Gox deleted the original password of the accounts that got the bulk reset attempt, preventing us from logging in.

If I was as paranoid as the OP I would thing that it could have been part of some price manipulation strategy, since many users were unable to trade for 24 hours, but I guess that's a bit far fetched.

[hdcafe]

FYI,  a chinese user reported a similar issue

https://bitcointalk.org/index.php?topic=255897.0

[bitbully]

My friend had exact same thing happen to him 2 days ago. Reset email arrived and he got locked out of account. Same opera browser idenitifier. He's still waiting to get access back and check his balance.

[Kouye]

No one is losing money, stop spreading FUD

Spreading FUD you are.

Unless you post some form of proof, it's FUD.
~BCX~

Or not ?

[peetah]

I can vouch that this is happening as well.

Exactly as the OP says, except more feedback from the support staff in that they are looking into it, the funds are safe, and they acknowledge that this has affected a number of accounts.