Bitcoin Forum
December 07, 2016, 10:13:29 PM *
Author Topic: I just got hacked!  (Read 2634 times)
Dansker
Hero Member
Activity: 740
Hello world!
July 26, 2011, 02:46:12 PM
 #1

Hello fellow bitcoiners.

Learning the hard way last time MtGox was hacked, I made a separate e-mail account for use on bitcoin related sites I don't really trust.

Now that e-mail has been hacked, and I have just recovered my access to it.

The hacker, according to gmail, was:

Browser  Lithuania (78.58.51.114)  Jul 25 (16 hours ago)

Only thing he could have compromised using this e-mail is my account with bitbetter, the other accounts I had made using this e-mail were worthless stuff.

Just thought I would let you guys know that people are actively trying to access e-mail addresses used for bitcoin related stuff!

klaus
Legendary
Activity: 1652
July 26, 2011, 02:55:57 PM
 #2


Since it has been available, I have a YubiKey from MtGox. 4 days after the free order I had it in my hands in Germany. After the first login via YubiKey I cannot log in to my account without it. I feel very safe now.

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1
threema:HXUAMT96
BusmasterDMA
Member
Activity: 118
July 26, 2011, 03:46:06 PM
 #3

Quote from: Dansker
Now that e-mail has been hacked, and I have just recovered my access to it.

The hacker, according to gmail, was:

Browser  Lithuania (78.58.51.114)  Jul 25 (16 hours ago)

Just curious how would you guess they gained access to your gmail account?

Trojan keylogger on a system you've used?
Lucky guess of the password?
Knowing answers to account recovery questions?

Bears.  Beets.  Battlestar Galactica.  Bitcoin.
Mousepotato
Hero Member
Activity: 896
Seal Cub Clubbing Club
July 26, 2011, 06:46:02 PM
 #4

Turn on 2-step verification.  So even if you have a keylogger on your system, it wouldn't matter.  But then again your Email account would probably be the last of your worries if you had a logger.

Mousepotato
jackjack
Hero Member
Activity: 882
May Bitcoin be touched by his Noodly Appendage
July 26, 2011, 06:47:47 PM
 #5

Quote from: BusmasterDMA
Quote from: Dansker
Now that e-mail has been hacked, and I have just recovered my access to it.

The hacker, according to gmail, was:

Browser  Lithuania (78.58.51.114)  Jul 25 (16 hours ago)

Just curious how would you guess they gained access to your gmail account?

Trojan keylogger on a system you've used?
Lucky guess of the password?
Knowing answers to account recovery questions?

Bruteforce on the leaked Mtgox accounts file

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Mike Hearn
Legendary
Activity: 1526
July 26, 2011, 06:48:22 PM
 #6

This usually means a site you signed up with has been hacked and the password database dumped. A list of sites that you used it to register with would be helpful.
Mousepotato
Hero Member
Activity: 896
Seal Cub Clubbing Club
July 26, 2011, 06:48:30 PM
 #7


Quote from: klaus
Since it has been available, I have a YubiKey from MtGox. 4 days after the free order I had it in my hands in Germany. After the first login via YubiKey I cannot log in to my account without it. I feel very safe now.

How'd you get your Yubikey for free?  They're asking $29.99 for them now :(

Mousepotato
klaus
Legendary
Activity: 1652
July 26, 2011, 06:57:33 PM
 #8

Quote from: Mousepotato
Quote from: klaus
Since it has been available, I have a YubiKey from MtGox. 4 days after the free order I had it in my hands in Germany. After the first login via YubiKey I cannot log in to my account without it. I feel very safe now.
How'd you get your Yubikey for free?  They're asking $29.99 for them now :(

I was one with rolling back trades after the flash-crash.

bitmessage:BM-2D9c1oAbkVo96zDhTZ2jV6RXzQ9VG3A6f1
threema:HXUAMT96
Dansker
Hero Member
Activity: 740
Hello world!
July 26, 2011, 09:28:21 PM
 #9

My guess is that a site I have signed up with has either been compromised (I used this email to sign up for loads of "free bitcoins"-offers) or was built with the intent of gathering e-mails/passes.

I may even have re-used the pw, so it could be that these sites are set up to harvest email/pw of bitcoin users. It must either be that, or that my very simple pw was guessed somehow.

Just goes to show that you can never be too careful, and I sure am glad this was a gmail I made with the intended purpose of signing up for shit offers.

defxor
Hero Member
Activity: 530
July 26, 2011, 09:37:37 PM
 #10

Quote from: Dansker
I may even have re-used the pw

Quote
or that my very simple pw was guessed somehow

http://lastpass.com

Seriously - once you start you'll never understand why it took you so long.

One new completely random password for each site. Always.

(And just to pre-empt some common responses from those who don't verify what the site is about - no - your passwords are never transmitted to nor stored with LastPass)
cepler
Jr. Member
Activity: 47
July 26, 2011, 09:38:21 PM
 #11

This is an example of a password I might use:

$=7rq2]6oLQa^K}3ni4U<4Ylpp8?0p|1@n7Nld[g

Randomize your passwords and make them long.  Use a password manager and keep the password database on a flash drive.  True, if they get the database or log your passwords you're screwed but you're pretty much screwed at that point anyhow and this will cover the most obvious attacks, bruteforcing the encrypted password database.

I cringe when I see some of the passwords people use and how often they use them on other sites!  BAD BAD BAD!  NEVER EVER EVER EVER >>EVER<< use a password on two sites, and your E-Mail password should be the ultimate utmost strong password and protected like a 500 lb block of platinum.  Think about it, when you forget a password what do most sites do?  E-Mail it back to you or send you a link to change it.  If someone gets that E-Mail password they can have a field day getting into your other accounts.
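The rules from the two posts above (one random password per site, make it long, and treat the e-mail password as the most valuable one), as an added example that is not part of the thread: a Python audit over a constructed credential list. The site names, the functions `audit` and `rotate`, and the 16-character minimum are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample vault of (site, login, password); not data from the thread.
SAMPLE_VAULT = [
    ("mail.example", "user@mail.example", "bitcoin123"),
    ("faucet-one.example", "user@mail.example", "bitcoin123"),
    ("faucet-two.example", "user@mail.example", "bitcoin123"),
    ("exchange.example", "user2", "T9!vq#Lm2$Xz8@Rp4&Ws"),
]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def new_password(length=40):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password (not valid for human-chosen ones)."""
    return length * math.log2(alphabet_size)


def audit(vault, email_site, min_length=16):
    """Return (reuse groups, sites with short passwords, sites sharing the mail password)."""
    sites_by_password = defaultdict(list)
    for site, _login, password in vault:
        sites_by_password[password].append(site)
    reused = sorted(sorted(g) for g in sites_by_password.values() if len(g) > 1)
    short = sorted(site for site, _login, pw in vault if len(pw) < min_length)
    # A dump of any site in this list also hands over the mailbox, and with it
    # the password-reset links of every other account.
    mail_shared = next(
        ([s for s in group if s != email_site] for group in reused if email_site in group), [])
    return reused, short, mail_shared


def rotate(vault, sites):
    """Give each listed site a fresh, unique random password."""
    return [(s, login, new_password() if s in sites else pw) for s, login, pw in vault]


if __name__ == "__main__":
    reused, short, mail_shared = audit(SAMPLE_VAULT, "mail.example")
    print("reused:", reused, "\nshort:", short, "\nmail password also used on:", mail_shared)
    fixed = rotate(SAMPLE_VAULT, set(short) | {s for g in reused for s in g})
    print("after rotation:", audit(fixed, "mail.example"))
    print("bits in a 40-char random password: %.0f" % random_bits(40))
```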
cepler
Jr. Member
Activity: 47
July 26, 2011, 09:41:54 PM
 #12

Quote from: Dansker
I may even have re-used the pw

Quote
or that my very simple pw was guessed somehow

http://lastpass.com

Seriously - once you start you'll never understand why it took you so long.

One new completely random password for each site. Always.

(And just to pre-empt some common responses from those who don't verify what the site is about - no - your passwords are never transmitted to nor stored with LastPass)


And if you don't trust the way that Lastpass works:

http://www.keepass.info/

and

http://agilebits.com/products/1Password

Are two of my favorite password database apps.  1Password is nice because it's very cross-platform between Mac, PC and iPhone etc...
Dansker
Hero Member
Activity: 740
Hello world!
July 26, 2011, 09:50:11 PM
 #13

All good advice in this thread!

I have different e-mails with different passwords.

I deliberately didn't make a difficult pw for this account, and wasn't careful about where I used it, since I only intended to use it for sites sending me money, not me sending anything.

I must admit, I am surprised someone actually took the time to gain access to this e-mail address, and change my pw (I recovered it via alt. e-mail) - and that is the most important fact I would like to share with you: People out there are actively trying all they can to steal bitcoins, and you need to not trust any random bitcoin sites/people.

joulesbeef
Sr. Member
Activity: 476
moOo
July 26, 2011, 10:55:10 PM
 #14

I love LastPass for its ease of use. It will come up with pseudo-random passwords that are very strong, and then enter them for you when you need them, and you can log into LastPass from anywhere and get your passes. However, they once had an odd security issue, and I don't think it actually ended up being anyone's passes being stolen, but they emailed everyone and asked them to change their masterpass, and it highlights the problem of leaving your pass on a corp system you don't control, especially when it might be a big target of hacks for the trove of passes it contains. So far they have been good though, I believe. I haven't looked more into that incident but I didn't see a lot of noise about it either.

KeePass is a solution around the idea of letting a company have control of your passwords like LastPass. With KeePass you keep your encrypted password file. It lacks some ease of use of LastPass, but if you use KeePass and put it on a USB key or better a Dropbox, you can have similar functionality as LastPass in that you can access your passes from anywhere.

mooo for rent