Bitcoin Forum
October 22, 2017, 07:26:00 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Someone tried to hack my mail account ?  (Read 925 times)
jambola2
Legendary
*
Offline Offline

Activity: 1078


Enjin Coin - Smart Cryptocurrency for Gaming.


View Profile
October 31, 2013, 05:38:48 AM
 #1

I had the same password for my mail as this forums.
I changed the forum password , but ignored changing my mail password , who would go there.
Apparently , my mail is visible on my profile.
Yesterday I got 3 suspicious , attempted logins to my account.
Google luckily blocked it. It was done from a VPN ( 3 logins from around the world in half an hour )
I changed my password , but just realised the seriousness.
It is not very likely that your forum password will matter on any other forums , but if you use it for your mail ID , you are going to have a bad time.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Vod
Legendary
*
Offline Offline

Activity: 2170


Licking my boob since 1970


View Profile WWW
October 31, 2013, 06:37:43 AM
 #2

Quote
News: Change your forum password

On the top of every page.   Wink

I'm into creating universes, smiting people, writing holy books and listening to prayers.
If you want your prayers answered, you must donate to 1CDyx8AUTiYXS1ThcBU3vy4SJWQq6pdFMH
BitcoinTalk Public Information Project
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1834



View Profile
October 31, 2013, 06:41:02 AM
 #3

Keep all your accounts with different passwords on all websites (or services). Make sure all your passwords are long (16 characters or more, not a word, numbers, letters, symbols), and all the usual stuff.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
TheNewAnon135246
Legendary
*
Offline Offline

Activity: 1442



View Profile WWW
October 31, 2013, 08:07:46 AM
 #4

My forum account got hacked after thr attack, so I changed all my passwords just in case.

BitSend ◢◤Clients | Source
www.bitsend.info
█▄
█████▄
████████▄
███████████▄
██████████████
███████████▀
████████▀
█████▀
█▀












Segwit | Core 0.14 | Masternodes
XEVAN | DK3 | Electrum soon
Bitcore - BTX/BTC -Project












BSD -USDT | Bittrex | C.Gather | S.Exchange
Cryptopia | NovaExchange | Livecoin
Litebit.eu | Faucet | Bitsend Airdrop













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
Klubknuckle
Sr. Member
****
Offline Offline

Activity: 290


View Profile
October 31, 2013, 12:22:34 PM
 #5

I had the same password for my mail as this forums.
I changed the forum password , but ignored changing my mail password , who would go there.
Apparently , my mail is visible on my profile.
Yesterday I got 3 suspicious , attempted logins to my account.
Google luckily blocked it. It was done from a VPN ( 3 logins from around the world in half an hour )
I changed my password , but just realised the seriousness.
It is not very likely that your forum password will matter on any other forums , but if you use it for your mail ID , you are going to have a bad time.

Just make sure you don't have the same password as any other account you created then your safe Smiley

TheNewAnon135246
Legendary
*
Offline Offline

Activity: 1442



View Profile WWW
October 31, 2013, 12:27:05 PM
 #6

Exactly. I always have complicated passwords for wallets, email etc. and easier ones for simple accounts.

BitSend ◢◤Clients | Source
www.bitsend.info
█▄
█████▄
████████▄
███████████▄
██████████████
███████████▀
████████▀
█████▀
█▀












Segwit | Core 0.14 | Masternodes
XEVAN | DK3 | Electrum soon
Bitcore - BTX/BTC -Project












BSD -USDT | Bittrex | C.Gather | S.Exchange
Cryptopia | NovaExchange | Livecoin
Litebit.eu | Faucet | Bitsend Airdrop













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
deepceleron
Legendary
*
Offline Offline

Activity: 1512



View Profile WWW
October 31, 2013, 12:33:20 PM
 #7

The forum user accounts and passwords have not been widely reported to be compromised in a way consistent with employment of a forum data breach, I would look elsewhere for the source. Can you tell from logs if they actually had your password?

jambola2
Legendary
*
Offline Offline

Activity: 1078


Enjin Coin - Smart Cryptocurrency for Gaming.


View Profile
October 31, 2013, 12:45:36 PM
 #8

Yeah , they had my password , but google apparently blocks a log in if you are actively logged in already.
It was two attempts from China and one from USA ( obvious VPN )

jambola2
Legendary
*
Offline Offline

Activity: 1078


Enjin Coin - Smart Cryptocurrency for Gaming.


View Profile
October 31, 2013, 12:47:17 PM
 #9

Image of the attempts ?
http://prntscr.com/20ygu5

Ecurb123
Full Member
***
Offline Offline

Activity: 182


View Profile
November 01, 2013, 06:18:48 PM
 #10

I use and suggest a PW manager. Each account everywhere gets a new random PW of 16 charters.
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1834



View Profile
November 04, 2013, 04:14:08 AM
 #11

Well, I can at least suspect that the attackers were able to read (unencrypted) private messages, since some coins moved from one address to another. The private key was probably extracted from the PMs.

Next time, must use encryption.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
jambola2
Legendary
*
Offline Offline

Activity: 1078


Enjin Coin - Smart Cryptocurrency for Gaming.


View Profile
November 04, 2013, 06:45:46 AM
 #12

My password is moderately long , 11 characters , has no words and has a near equal distribution of letters , numbers and capitals.
Does not seem like it would be easy to brute-force open.

TheNewAnon135246
Legendary
*
Offline Offline

Activity: 1442



View Profile WWW
November 04, 2013, 06:54:18 AM
 #13

My password is moderately long , 11 characters , has no words and has a near equal distribution of letters , numbers and capitals.
Does not seem like it would be easy to brute-force open.

Sounds secure enough :S

BitSend ◢◤Clients | Source
www.bitsend.info
█▄
█████▄
████████▄
███████████▄
██████████████
███████████▀
████████▀
█████▀
█▀












Segwit | Core 0.14 | Masternodes
XEVAN | DK3 | Electrum soon
Bitcore - BTX/BTC -Project












BSD -USDT | Bittrex | C.Gather | S.Exchange
Cryptopia | NovaExchange | Livecoin
Litebit.eu | Faucet | Bitsend Airdrop













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
b!z
Legendary
*
Offline Offline

Activity: 1568



View Profile
November 04, 2013, 11:39:49 AM
 #14

Well, I can at least suspect that the attackers were able to read (unencrypted) private messages, since some coins moved from one address to another. The private key was probably extracted from the PMs.

Next time, must use encryption.

You were sending / storing private keys in PM? That is not a good idea.
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1834



View Profile
November 05, 2013, 11:33:17 AM
 #15

You were sending / storing private keys in PM? That is not a good idea.
Yeah, my mistake. I should have required them to use GPG. They were buying the key to sign messages on it, because I bought some chips using that particular key. The problem was some coins were then sent there. Then got spent away.

Fortunately, the amount was small enough.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Kimowa
Sr. Member
****
Offline Offline

Activity: 448



View Profile
November 05, 2013, 01:35:13 PM
 #16

Thats why I never had same password for every account...

Nik1ab
Hero Member
*****
Offline Offline

Activity: 574


freedomainradio.com


View Profile
November 05, 2013, 01:50:29 PM
 #17

I had the same password for my mail as this forums.
I changed the forum password , but ignored changing my mail password , who would go there.
Apparently , my mail is visible on my profile.
Yesterday I got 3 suspicious , attempted logins to my account.
Google luckily blocked it. It was done from a VPN ( 3 logins from around the world in half an hour )
I changed my password , but just realised the seriousness.
It is not very likely that your forum password will matter on any other forums , but if you use it for your mail ID , you are going to have a bad time.
Why do you use SpyMail?  Huh

No signature ad here, because their conditions have become annoying.
jambola2
Legendary
*
Offline Offline

Activity: 1078


Enjin Coin - Smart Cryptocurrency for Gaming.


View Profile
November 05, 2013, 04:20:00 PM
 #18

I had the same password for my mail as this forums.
I changed the forum password , but ignored changing my mail password , who would go there.
Apparently , my mail is visible on my profile.
Yesterday I got 3 suspicious , attempted logins to my account.
Google luckily blocked it. It was done from a VPN ( 3 logins from around the world in half an hour )
I changed my password , but just realised the seriousness.
It is not very likely that your forum password will matter on any other forums , but if you use it for your mail ID , you are going to have a bad time.
Why do you use SpyMail?  Huh

I use gmail....

Nik1ab
Hero Member
*****
Offline Offline

Activity: 574


freedomainradio.com


View Profile
November 05, 2013, 04:23:14 PM
 #19

I had the same password for my mail as this forums.
I changed the forum password , but ignored changing my mail password , who would go there.
Apparently , my mail is visible on my profile.
Yesterday I got 3 suspicious , attempted logins to my account.
Google luckily blocked it. It was done from a VPN ( 3 logins from around the world in half an hour )
I changed my password , but just realised the seriousness.
It is not very likely that your forum password will matter on any other forums , but if you use it for your mail ID , you are going to have a bad time.
Why do you use SpyMail?  Huh

I use gmail....
Thats exactly the same thing...

No signature ad here, because their conditions have become annoying.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!