Why is it so easy to hack BitcoinTalk accounts??

[The_Tribesman]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

[1713585176]

1713585176

[1713585176]

1713585176

[EcuaMobi]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

I think the reasons are:

• The breach you mention, combined with users not changing their password after that happened
• Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
• Lack of 2FA. I hope it gets implemented soon. It's not difficult at all

[Thirio]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

I got the same question since everyone's posting about their account was allegedly hacked. But most probably(just my opinion) those accounts were:

1.

The breach you mention, combined with users not changing their password after that happened

2. Victims of phishing links (e.g. https://bitcointalk.org/index.php?topic=2846517.0)
3. Victims of phishing sites (e.g. sites that are identical to the forum https://bitcointalk.org/index.php?topic=2841740.0)
4. Their negligence, giving their pw to their accounts or maybe even a hint to it. Although this may seem dumb, but it's the realiylty.[/list]

[The Sceptical Chymist]

I agree with what EcuaMobi put forth there, and I've always considered that people here are greedy enough--and plain stupid enough--to fall for phishing links and malicious downloads.  We've all seen people figuratively killing each other for a task that pays 5000 satoshis or something ridiculous.  Idiots are willing to do just about anything for bitcoin, so it doesn't surprise me in the least that a lot of people are getting their password pockets picked.  

But yeah, lately it's been crazy in meta with all the threads about getting hacked.  You'd think people would learn, but no.

[desklamp]

The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.

You forgot to include the source of your out-dated copy/paste:
https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html

Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.

[AfterTheFork]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

The breach is all  the  problem, add to it phising links sent by newbie accounts to old members, accounts hashes can still be purchased on the dark web, based on what I've find on google.

[TryNinja]

The price of a single bitcoin surged to more than $17,000 in early December, and (for now) it is still going up. But cryptocurrency isn't quite like other assets, and Bitcoin and other cryptocurrencies are surprisingly easy to steal. They're also not always easy to protect.

You forgot to include the source of your out-dated copy/paste:
https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html

Oh no! oops sorry i forgot to add https://www.tomsguide.com/us/how-to-protect-bitcoins,news-26260.html this reference link that i got. thank you for reminding me or pointing that out.

Did you forget to include the source for those aswell?

A “wallet” is basically the Bitcoin equivalent of a bank account. It allows you to receive bitcoins, store them, and then send them to others. There are two main types of wallets. A hot wallet is one that you install on your own computer or mobile device. You are in complete control over the security of your coins, but since they are on a device that is connected to the internet they are less secure. The second type of wallet is a hardware wallet. They maintain high levels of security to protect your coins by storing your coins offline. Offline storage keeps your coins and ata out of reach from hackers.

Original: https://www.buybitcoinworldwide.com/wallets/set-up/

It seems that nearly every day there’s another report of a major hacking. And as the number of hacks increase, consumer desires for security increase as well. Blockchain is the model of internet security, that doesn’t produce a fully secure system for users. There are a number of important safety and security practices that can help to protect your private keys and therefore protect your funds.
first it is wise to find a wallet with security measures beyond the normal wallet providers. Some wallets are now using encryption to protect the private keys. Users should always have at least two digital wallets. One wallet should be used for trading and transactional purposes, and the other wallet should be used to store savings and be kept in a secure location. This type of wallet must be a cold storage wallet. In anyway, a backup of the private keys have to be stored safely offline. This two safety tips can help you to avoid hacking your wallet.

Original: https://cryptopotato.com/9-must-tips-securing-crypto-wallet/

Some people don`t have enough knowledge when talking about bitcoin, they see bitcoin as an online game because they know that the value of bitcoin may goes down or goes up.Those sudden ups and downs would be bad news for them. Although bitcoin had a more than 100% return on investment in 2016, it’s also five times more volatile than the S&P 500, So for them bitcoin is an “an extremely risky investment.” they are fear that they cant get a big payday that they were hoping for.

Original: http://time.com/money/4623650/bitcoin-invest/

I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

@OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry . Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

[The_Tribesman]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

I think the reasons are:

• The breach you mention, combined with users not changing their password after that happened
• Very poor passwords. Most of the times it's the users' fault. A strong password (32+ chars, easily achieved with password managers) changed once in a while should make very secure accounts
• Lack of 2FA. I hope it gets implemented soon. It's not difficult at all

Interesting. I changed my password to what I thought was a strong password generated using https://passwordsgenerator.net/ which 'should' be good enough.

I guess I should have changed it more often, but has there been another breach that we don't know of, OR could it be that the site is constantly being breached so no account is really safe?

Roll on 2FA!

[xxxgoodgirls]

Other suggestions that come into my mind:

Install Noscript on your browser.
Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
Even better use https://www.qubes-os.org/ as OS.

[pablito1989]

2FA it's really necessary nowadays... I hope they will implement it soon..

[The_Tribesman]

Other suggestions that come into my mind:

Install Noscript on your browser.
Even better sandbox your browser while surfing on unknown sites https://www.sandboxie.com/
Or even better consider to install a virtual machine to split your browsing activity into safe and unsafe (you surf to bitcointalk, bank accounts, exchanges, etc only on the safe side)
Even better use https://www.qubes-os.org/ as OS.

I'll check it out. Thanks for the advice

[LTU_btc]

There are several main reasons why there are so many hacked accounts. First of all, many users are using same short, easy to remember passwords on every website. It's convenient to use, but such passwords are very weak. Passwords should be more complex. It has to be longer, with random numbers and special symbols like @,#,$,฿ and similar.
People aren't careful. They clicking phishing links, downloading stuff from suspicious websites and they getting keylogger in this way.
Offcourse, lack of 2FA doesn't helps to protect accounts. But as I read in past, it's very difficult to integrate Google 2FA to bitcointalk. But even if 2FA would be implemented, I'm sure that there still will be many people who will not use because they think "it won't happen to my, my password is strong enough.
My account was also hacked in past, but luckily, admin restored it. I've used strong password on Bitcointalk but it didn't helped. The problem was that that hacker was able to login to my email account (I used really weak password and no 2FA). It was not problem on Bitcointalk side and I had to blame only myself that my account was hacked.

[Silberman]

I believe there is even more examples. But I'm too lazy to look for them and those "few" examples should be enough, right?

@OP: I know that I'm a little off topic but I didn't want to create a new thread just for this. Sorry . Btw, can anymore tell me where should I post cases like this one? Should I just create a new thread in the Meta/Reputation board or there is any "copy/pasting users" mega thread like there is for the "known alts"?

If you want to report this user maybe you could use the thread of LoyceV about users copy pasting, I have seen some other users making their reports there, but just in case ask LoyceV if it is OK to post your reports there. This is the link.

https://bitcointalk.org/index.php?topic=1926895

[lukyanli]

Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.

[White-Grey-Black]

 Here in forums, the usernames are open to the public, so it will be very easy for attackers to hack someone else account easily unless users keep a unique password for every account ( some users keep same passwords for every site). if people use the same password for every site registrations then it would be easy for attackers.

and it would be a good idea if bitcointalk forums provide a nickname option ( so that the username won't be public and it would be difficult for intruders to do any bruteforce or other social engineering techniques).

Thanks

[smilyfaith]

I use base keyword and combination of numbers and special characters.
So, password is different for each sites but also easy to remember.

I am uncomfortable with most autogenerated passwords as they are too complicated
and can't remember when logging in from different device. It's a headache. So, I only use
them for sites that I rarely need to login like cpanel and others.

In the end you have to use autofill option in your browser for it.

Also these days when creating registering most sites will not accept passwords unless they are very strong
combination of special characters, numbers and mix of capitalization.

Not a web developer but I think it's easy to implement the same password system
on this forum.

 

[AmazingDynamo]

Some of you may have seen my sorry thread about my hacked account. Since writing it, I've seen so many threads with hacked account owners begging for help just like me. Even one thread where an account has been hacked more than once. I know there was a breach a few years ago but there seems to be a recent surge.

My question: How come it seems so easy to hack BCT accounts?? What gives??

it is not easy , maybe it is the negligence of the owner that is why his or her account will hack , maybe also he is transacting people giving his own acct , the bottomline for me is the negligence .

The other reason that i see is that the weakness of the password that the owner used .

[mrscourge]

Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.

I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked

[lucky7GamingWannaRecover]

i had an account for years with a super long password with symbols and everything and it still got hacked.....not much I could do but lock it RIP.

[jtipt]

Most of the people are lazy with passwords. Hackers simple bruteforce the usernames with com only used passwords.

I have realy many accounts which using simple password with 1 word, it's about 200+ and no one of them never have been hacked

You have been just lucky so far. Using 1 password for multiple websites is the worst thing. If one sites database gets leaked your password to multiple websites will be leaked and you will be prone to hacks.
I would suggest rather use some password Manger like lastpass and use unique passwords for each website.