Mtgox Account Hacked

[wonax]

My Mtgox account has been hacked .... it had $600+ .... someone with china ip address accessed the account ... move funds to BTC and withdraw it to bitcoin
      I am a developer and i m pretty sure that my system is secure with Kaspersky internet security ... and i dont get scammed with any type of phishing attack
     i don't know which type of security they had ... that anyone can access any other account....i didn't used any OTP/yubikey .... but cracking a website password indicates their bad security issues....as my system is secure, whom should i blame? me? add funds to mtgox or their website security
 

[1715386673]

1715386673

[1715386673]

1715386673

[marcovaldo]

Do you have any proof that mt.gox was compromised?
It would be much more probable that it was you.

Maybe you registered on an other website with the same password, and the website was a scam ...

[RaTTuS]

2FA
use lastpass
Kaspersky 
used the same login details elsewhere

[wonax]

i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc

[marcovaldo]

keylogger, brute forced or whatever error you made.
If anyone could access mt.gox database they would NOT choose an account with only 600$ :/

Sorry for your loss though

[levino]

i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc

What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money.

[wonax]

I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?

[marcovaldo]

I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?

You obviously chose an easy password, and the same for different website.
:/ It was a mistake.

[wonax]

yes i know ....i used the same password.... and levino i m currently MCS and doing MS(CS) ....some time develops some php websites ....And after the mistake of same pass i got my lesson from it...

[jantenner81]

i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc

What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money.

+1 don't use any password twice ...

[b!z]

Scan your computer for malware. Kaspersky is not good enough.

[wonax]

If its malware then i have more bitcoins ....but they are intact

[vm1990]

Scan your computer for malware. Kaspersky is not good enough.

kaspersky is good enough but for added protection use malwarebytes now your covered all angles

if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password
www.passwordmeter.com/  check out your passwords XD

[levino]

Scan your computer for malware. Kaspersky is not good enough.

kaspersky is good enough but for added protection use malwarebytes now your covered all angles

if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password
www.passwordmeter.com/  check out your passwords XD

You are kidding me, right? Are all people here this badly educated about the very simple topic of internet security?

There is today only one way to do it right:

Get Lastpass and choose a really secure last password (Just read up about how to choose and remember it. 20 chars of random jibberish should be a good start. And YES everybody who has the right to vote should be able to remember such a password).
Get a Yubikey.
Get GoogleAuthenticator.
Use a unique password generated by Lastpass for every site (20 chars from all possible characters)
Use 2 Factor Auth on any service that offers it.
If Yubikey and GoogleAuth are offered, use Yubikey (Hardware before Software).

--> Sleep tight at night.

[coastermonger]

Did we confirm that OP was using 2-factor? Because that would save him the biggest headache there, even if his password was compromised it's another layer of security that can't easily be cracked

[RaTTuS]

OP said he wasn't
but the OP needs to clean his machine NOW
he has a keylogger [my guess]
also he should use lastpass after he has cleaned himself

[peonminer]

I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?

A dictionary based password for your $$$? D=

[danympp81]

my account has been compromissed and after 12h nobody from mtgox got in contact with me, it seems that the address kept the BTC for a while so maybe there was something to do but they are to lazy and i am not that important.

i didn´t have the 2FA because i don´t have android mobile but that doesn´t mean that mtgox should clean their hand and do nothing. they should have some responsabilties. other exchanges request you to click a link on the email they send to confirm the transaction. if it was like that i wouldn´t been hack because my email hasn´t beeen compromissed.

i know one that will not use mtgox again and will try to do my best to expando my experience around the forums so people is aware about mtgox

[RaTTuS]

it's nothing to do with mtgox - if you use a comprised machine or share username / passwords  or use free wifi
there are many ways of 2FA
..
learn how to protect yourself online -