Bitcoin Forum
October 18, 2019, 10:19:05 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 [All]
  Print  
Author Topic: Why is it so easy to hack BitcoinTalk accounts??  (Read 416 times)
The_Tribesman
Jr. Member
*
Offline Offline

Activity: 120
Merit: 6


View Profile WWW
January 31, 2018, 02:22:57 AM
 #1

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

Kobocoin - Mobile Money for Africa
1571393945
Hero Member
*
Offline Offline

Posts: 1571393945

View Profile Personal Message (Offline)

Ignore
1571393945
Reply with quote  #2

1571393945
Report to moderator
1571393945
Hero Member
*
Offline Offline

Posts: 1571393945

View Profile Personal Message (Offline)

Ignore
1571393945
Reply with quote  #2

1571393945
Report to moderator
1571393945
Hero Member
*
Offline Offline

Posts: 1571393945

View Profile Personal Message (Offline)

Ignore
1571393945
Reply with quote  #2

1571393945
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571393945
Hero Member
*
Offline Offline

Posts: 1571393945

View Profile Personal Message (Offline)

Ignore
1571393945
Reply with quote  #2

1571393945
Report to moderator
1571393945
Hero Member
*
Offline Offline

Posts: 1571393945

View Profile Personal Message (Offline)

Ignore
1571393945
Reply with quote  #2

1571393945
Report to moderator
EcuaMobi
Legendary
*
Offline Offline

Activity: 1820
Merit: 1427


https://Ecua.Mobi


View Profile WWW
January 31, 2018, 02:57:31 AM
Merited by xxxgoodgirls (3), mprep (1)
 #2

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??
I think the reasons are:
  • The breach you mention, combined with users not changing their password after that happened
  • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
  • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all

Thirio
Member
**
Offline Offline

Activity: 308
Merit: 45


View Profile
January 31, 2018, 03:53:19 AM
Merited by mprep (1)
 #3

    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I got the same question since everyone's posting about their account was allegedly hacked. But most probably(just my opinion) those accounts were:

    1.
    The breach you mention, combined with users not changing their password after that happened

    2. Victims of phishing links (e.g. https://bitcointalk.org/index.php?topic=2846517.0)
    3. Victims of phishing sites (e.g. sites that are identical to the forum https://bitcointalk.org/index.php?topic=2841740.0)
    4. Their negligence, giving their pw to their accounts or maybe even a hint to it. Although this may seem dumb, but it's the realiylty.[/list]

    ★★★ BitCloak Bitcoin Mixer |BTC & BCH| FAST MIX | API | PGP PROOF | ESCROW ★★★
    ★ Tor and Clearnet mirrors | Payouts Every 60 seconds | Cheap 2% Service Fee | The Most Advanced Mixer | Discuss More
    The Pharmacist
    Legendary
    *
    Offline Offline

    Activity: 1666
    Merit: 3124



    View Profile
    January 31, 2018, 04:11:12 AM
     #4

    I agree with what EcuaMobi put forth there, and I've always considered that people here are greedy enough--and plain stupid enough--to fall for phishing links and malicious downloads.  We've all seen people figuratively killing each other for a task that pays 5000 satoshis or something ridiculous.  Idiots are willing to do just about anything for bitcoin, so it doesn't surprise me in the least that a lot of people are getting their password pockets picked.  

    But yeah, lately it's been crazy in meta with all the threads about getting hacked.  You'd think people would learn, but no.

    desklamp
    Newbie
    *
    Offline Offline

    Activity: 51
    Merit: 0


    View Profile
    January 31, 2018, 04:32:29 AM
     #5

    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.
    AfterTheFork
    Jr. Member
    *
    Offline Offline

    Activity: 203
    Merit: 3


    View Profile
    January 31, 2018, 04:34:07 AM
     #6

    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    The breach is all  the  problem, add to it phising links sent by newbie accounts to old members, accounts hashes can still be purchased on the dark web, based on what I've find on google.

    ripaex (https://ripaex.io/)
    Marketplace
    TryNinja
    Legendary
    *
    Offline Offline

    Activity: 1162
    Merit: 1563



    View Profile
    January 31, 2018, 05:13:53 AM
     #7

    The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.
    You forgot to include the source of your out-dated copy/paste:
    https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html
    Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.
    Did you forget to include the source for those aswell? Roll Eyes

    A “wallet” is basically the Bitcoin equivalent of a bank account. It allows you to receive bitcoins, store them, and then send them to others. There are two main types of wallets. A hot wallet is one that you install on your own computer or mobile device. You are in complete control over the security of your coins, but since they are on a device that is connected to the internet they are less secure. The second type of wallet is a hardware wallet. They maintain high levels of security to protect your coins by storing your coins offline. Offline storage keeps your coins and ata out of reach from hackers.
    Original: https://www.buybitcoinworldwide.com/wallets/set-up/

    It seems that nearly every day there’s another report of a major hacking. And as the number of hacks increase, consumer desires for security increase as well. Blockchain is the model of internet security, that doesn’t produce a fully secure system for users. There are a number of important safety and security practices that can help to protect your private keys and therefore protect your funds.
    first it is wise to find a wallet with security measures beyond the normal wallet providers. Some wallets are now using encryption to protect the private keys. Users should always have at least two digital wallets. One wallet should be used for trading and transactional purposes, and the other wallet should be used to store savings and be kept in a secure location. This type of wallet must be a cold storage wallet. In anyway, a backup of the private keys have to be stored safely offline. This two safety tips can help you to avoid hacking your wallet.
    Original: https://cryptopotato.com/9-must-tips-securing-crypto-wallet/

    Some people don`t have enough knowledge when talking about bitcoin, they see bitcoin as an online game because they know that the value of bitcoin may goes down or goes up.Those sudden ups and downs would be bad news for them. Although bitcoin had a more than 100% return on investment in 2016, it’s also five times more volatile than the S&P 500, So for them bitcoin is an “an extremely risky investment.” they are fear that they cant get a big payday that they were hoping for.
    Original: http://time.com/money/4623650/bitcoin-invest/

    I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry Tongue. Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

    The_Tribesman
    Jr. Member
    *
    Offline Offline

    Activity: 120
    Merit: 6


    View Profile WWW
    January 31, 2018, 08:57:42 AM
     #8

    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??
    I think the reasons are:
    • The breach you mention, combined with users not changing their password after that happened
    • Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
    • Lack of 2FA. I hope it gets implemented soon. It's not difficult at all
    Interesting. I changed my password to what I thought was a strong password generated using https://passwordsgenerator.net/ which 'should' be good enough.

    I guess I should have changed it more often, but has there been another breach that we don't know of, OR could it be that the site is constantly being breached so no account is really safe?

    Roll on 2FA!

    Kobocoin - Mobile Money for Africa
    xxxgoodgirls
    Legendary
    *
    Offline Offline

    Activity: 1092
    Merit: 1001


    View Profile
    January 31, 2018, 11:24:52 AM
    Merited by mprep (1)
     #9

    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all recent generations of Intel hardware. details https://libreboot.org/faq.html#intelme --- https://tehnoetic.com/laptops --- https://store.vikings.net/x200-ryf-certfied
    pablito1989
    Member
    **
    Offline Offline

    Activity: 238
    Merit: 18


    View Profile
    January 31, 2018, 11:29:18 AM
     #10

    2FA it's really necessary nowadays... I hope they will implement it soon..
    The_Tribesman
    Jr. Member
    *
    Offline Offline

    Activity: 120
    Merit: 6


    View Profile WWW
    January 31, 2018, 12:38:09 PM
     #11

    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    I'll check it out. Thanks for the advice

    Kobocoin - Mobile Money for Africa
    LTU_btc
    Hero Member
    *****
    Online Online

    Activity: 1386
    Merit: 743



    View Profile WWW
    January 31, 2018, 12:54:34 PM
     #12

    There are several main reasons why there are so many hacked accounts. First of all, many users are using same short, easy to remember passwords on every website. It's convenient to use, but such passwords are very weak. Passwords should be more complex. It has to be longer, with random numbers and special symbols like @,#,$,฿ and similar.
    People aren't careful. They clicking phishing links, downloading stuff from suspicious websites and they getting keylogger in this way.
    Offcourse, lack of 2FA doesn't helps to protect accounts. But as I read in past, it's very difficult to integrate Google 2FA to bitcointalk. But even if 2FA would be implemented, I'm sure that there still will be many people who will not use because they think "it won't happen to my, my password is strong enough.
    My account was also hacked in past, but luckily, admin restored it. I've used strong password on Bitcointalk but it didn't helped. The problem was that that hacker was able to login to my email account (I used really weak password and no 2FA). It was not problem on Bitcointalk side and I had to blame only myself that my account was hacked.




    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
     ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
                  ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
       ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
       ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
       ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
       ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

    #1 CRYPTO CASINO & SPORTSBOOK
     WELCOME
    BONUS
    .INSTANT & FAST.
    .TRANSACTION.....
    .PROVABLY FAIR.
    ......& SECURE......
    .24/7 CUSTOMER.
    ............SUPPORT.
    BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
    Silberman
    Hero Member
    *****
    Offline Offline

    Activity: 980
    Merit: 502

    CryptoTalk.Org - Get Paid for every Post!


    View Profile
    January 31, 2018, 06:13:56 PM
     #13


    I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

    @OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry Tongue. Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

    If you want to report this user maybe you could use the thread of LoyceV about users copy pasting, I have seen some other users making their reports there, but just in case ask LoyceV if it is OK to post your reports there. This is the link.

    https://bitcointalk.org/index.php?topic=1926895

     
                                    . ██████████.
                                  .████████████████.
                               .██████████████████████.
                            -█████████████████████████████
                         .██████████████████████████████████.
                      -█████████████████████████████████████████
                   -███████████████████████████████████████████████
               .-█████████████████████████████████████████████████████.
            .████████████████████████████████████████████████████████████
           .██████████████████████████████████████████████████████████████.
           .██████████████████████████████████████████████████████████████.
           ..████████████████████████████████████████████████████████████..
           .   .██████████████████████████████████████████████████████.
           .      .████████████████████████████████████████████████.

           .       .██████████████████████████████████████████████
           .    ██████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████████████.
            .███████████████████████████████████████████████████████████
               .█████████████████████████████████████████████████████
                  .████████████████████████████████████████████████
                       ████████████████████████████████████████
                          ██████████████████████████████████
                              ██████████████████████████
                                 ████████████████████
                                   ████████████████
                                       █████████
    .CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
    lukyanli
    Jr. Member
    *
    Offline Offline

    Activity: 40
    Merit: 3


    View Profile
    February 02, 2018, 09:53:06 AM
     #14

    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.
    White-Grey-Black
    Newbie
    *
    Offline Offline

    Activity: 13
    Merit: 0


    View Profile
    February 03, 2018, 11:39:07 AM
    Last edit: February 05, 2018, 05:20:08 PM by White-Grey-Black
     #15

     Here in forums, the usernames are open to the public, so it will be very easy for attackers to hack someone else account easily unless users keep a unique password for every account ( some users keep same passwords for every site). if people use the same password for every site registrations then it would be easy for attackers.

    and it would be a good idea if bitcointalk forums provide a nickname option ( so that the username won't be public and it would be difficult for intruders to do any bruteforce or other social engineering techniques).

    Thanks
    smilyfaith
    Jr. Member
    *
    Offline Offline

    Activity: 61
    Merit: 2


    View Profile
    February 03, 2018, 01:35:00 PM
     #16

    I use base keyword and combination of numbers and special characters.
    So, password is different for each sites but also easy to remember.

    I am uncomfortable with most autogenerated passwords as they are too complicated
    and can't remember when logging in from different device. It's a headache. So, I only use
    them for sites that I rarely need to login like cpanel and others.

    In the end you have to use autofill option in your browser for it.

    Also these days when creating registering most sites will not accept passwords unless they are very strong
    combination of special characters, numbers and mix of capitalization.

    Not a web developer but I think it's easy to implement the same password system
    on this forum.

     
    AmazingDynamo
    Full Member
    ***
    Offline Offline

    Activity: 245
    Merit: 100


    Revolutionizing Crypto Payment Solutions


    View Profile
    February 03, 2018, 02:23:42 PM
     #17

    Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

    My question: How come it seems so easy to hack BCT accounts?? What gives??

    it is not easy , maybe it is the negligence of the owner that is why his or her account will hack , maybe also he is transacting people giving his own acct , the bottomline for me is the negligence .

    The other reason that i see is that the weakness of the password that the owner used .

    ▀█████▄▀████▄▀███▄▀██▄▀█▄▀▄        NUPay        ▄▀▄█▀▄██▀▄███▀▄████▀▄█████▀
    ▬▬▬▬▬▬▬ ●   A New Crypto-Payment Platform   ● ▬▬▬▬▬▬▬
    █      Telegram  ]      [   Medium   ]      [   ICO Page   ]      [  Facebook  ]      [ Instagram ]      █
    mrscourge
    Newbie
    *
    Offline Offline

    Activity: 24
    Merit: 0


    View Profile
    February 03, 2018, 06:16:57 PM
     #18

    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.
    I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked
    lucky7GamingWannaRecover
    Newbie
    *
    Offline Offline

    Activity: 3
    Merit: 0


    View Profile
    February 03, 2018, 07:57:41 PM
     #19

    i had an account for years with a super long password with symbols and everything and it still got hacked.....not much I could do but lock it RIP.
    jtipt
    Hero Member
    *****
    Offline Offline

    Activity: 924
    Merit: 526



    View Profile
    February 04, 2018, 03:08:54 AM
     #20

    Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.
    I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked
    You have been just lucky so far. Using 1 password for multiple websites is the worst thing. If one sites database gets leaked your password to multiple websites will be leaked and you will be prone to hacks.
    I would suggest rather use some password Manger like lastpass and use unique passwords for each website.
    sxafir
    Hero Member
    *****
    Offline Offline

    Activity: 1022
    Merit: 500


    View Profile
    February 04, 2018, 07:13:28 AM
     #21

    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing is protect meldtown and spectre attack,even virtual machine.
    xxxgoodgirls
    Legendary
    *
    Offline Offline

    Activity: 1092
    Merit: 1001


    View Profile
    February 05, 2018, 04:11:18 PM
     #22

    Other suggestions that come into my mind:

    Install Noscript on your browser.
    Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
    Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
    Even better use https://www.qubes-os.org/ as OS.

    Nothing is protect meldtown and spectre attack,even virtual machine.

    What about libreboot laptops certified by the Free Software Foundation?
    https://tehnoetic.com/
    https://store.vikings.net/x200-ryf-certfied

    edit It is still unclear if they are affected or not.

    In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all recent generations of Intel hardware. details https://libreboot.org/faq.html#intelme --- https://tehnoetic.com/laptops --- https://store.vikings.net/x200-ryf-certfied
    Pages: 1 2 [All]
      Print  
     
    Jump to:  

    Sponsored by , a Bitcoin-accepting VPN.
    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!