11danman11 (OP)
Member
Offline
Activity: 80
Merit: 10
Cryptocurrency, best creation ever!
|
|
December 09, 2013, 09:25:42 AM |
|
Today I found out that my Cryptsy, BTC-E and Hotmail account have been hacked. I first tried logging into my Cryptsy account to find that my password had been changed, so I tried logging into my email account to see if maybe I had made a mistake. To my surprise, my Hotmail password had also been changed, but I was able to change it because it is linked to my mobile number. So I sent a password recovery to Cryptsy and was able to login. All my coins had been sold off and withdrawn to this bitcoin address: 1CYehmoJN3sxgW3U8JvQrPTWMBy7yNv42V I was freaking out so then I went to my BTC-E account to find that the hacker had sold off my Litecoins for Euros, and I don't know why he sold them for Euros when he simply could have sold them for Bitcoin and done the same thing as my Cryptsy account. I loss in total about 6.75 BTC, I am greatly saddened, although it is not much of a loss to me due to that all these coins were bought a while ago for a small amount of money. I have no idea how the hacker gained access to my information, I had run a virus scan only yesterday, and I have not entered my information on any strange websites. My BTC-E and Cryptsy password are the same, but my email password is slightly different to it. If anyone has any information on what I can do (I doubt anything can be done lol) please post here, or if you have a similar story. Thanks for reading,
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
December 09, 2013, 09:36:42 AM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
|
|
|
|
11danman11 (OP)
Member
Offline
Activity: 80
Merit: 10
Cryptocurrency, best creation ever!
|
|
December 09, 2013, 09:40:54 AM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...
|
|
|
|
ajax3592
Full Member
Offline
Activity: 210
Merit: 100
Crypto News & Tutorials - Coinramble.com
|
|
December 09, 2013, 09:57:42 AM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago... That could exactly be the case if you used the same password here on any of your mail or on Cryptsy!
|
|
|
|
davedx
|
|
December 09, 2013, 10:17:03 AM |
|
I think the biggest lesson is don't store coins or fiat in exchanges. Use them to exchange then withdraw back to your wallet straightaway. The only reason you shouldn't do this is if you want to day trade or do inter-exchange arbitrage.
Also, of course, encrypt your local wallet with a very strong password.
|
|
|
|
kik1977
|
|
December 09, 2013, 10:33:56 AM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago... What kind of 2FA do they implement?
|
We are like butterflies who flutter for a day and think it is forever
|
|
|
|
11danman11 (OP)
Member
Offline
Activity: 80
Merit: 10
Cryptocurrency, best creation ever!
|
|
December 09, 2013, 10:54:48 AM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago... What kind of 2FA do they implement? They send a unique code to your email address.
|
|
|
|
yenom
|
|
December 09, 2013, 10:57:17 AM |
|
Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.
|
|
|
|
raskolnikovx
|
|
December 09, 2013, 11:01:30 AM |
|
Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.
And where do you store your passwords?
|
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3794
Merit: 1219
|
|
December 09, 2013, 11:25:01 AM |
|
Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.
But then how will you store your passwords? Storing them by writing down in paper is not safe.
|
|
|
|
raskolnikovx
|
|
December 09, 2013, 11:30:19 AM |
|
Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.
But then how will you store your passwords? Storing them by writing down in paper is not safe. Exactly ... http://en.wikipedia.org/wiki/Single_point_of_failure
|
|
|
|
unfly
Newbie
Offline
Activity: 3
Merit: 0
|
|
December 09, 2013, 11:55:19 AM |
|
Yeah...upon reading this I've changed my Cryptsy password and added 2fa with my phone number. Sorry to hear that happened to you OP.
|
|
|
|
yenom
|
|
December 09, 2013, 11:57:48 AM |
|
Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
|
|
|
|
whiskers75
|
|
December 09, 2013, 12:04:46 PM |
|
Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
No, but they could add custom JS, being non-open source. Use KeePass.
|
|
|
|
raskolnikovx
|
|
December 09, 2013, 12:34:22 PM |
|
Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
So you say that you trust this Lastpass service with all of your passwords. Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc. No, I cannot afford to trust nobody but me. I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary. And I can remember my passwords because I must do so. People rembered complete books for years.
|
|
|
|
yenom
|
|
December 09, 2013, 12:59:15 PM |
|
Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
So you say that you trust this Lastpass service with all of your passwords. Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc. No, I cannot afford to trust nobody but me. I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary. And I can remember my passwords because I must do so. People rembered complete books for years. If you cannot be bothered to look at it then fine. If you did you would realize all your concerns are addressed. Anyway it seems I'm wasting my time, a bit like trying to explain bitcoin to Peter Schiff..
|
|
|
|
thecoinjournal
|
|
December 09, 2013, 01:20:14 PM |
|
Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.
Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago... Always use different username/password combinations on different sites. For me, I use 10minutemail in most cases, even the account got compromised it won't be associated with my other accounts.
|
|
|
|
raskolnikovx
|
|
December 09, 2013, 01:26:36 PM |
|
Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
So you say that you trust this Lastpass service with all of your passwords. Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc. No, I cannot afford to trust nobody but me. I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary. And I can remember my passwords because I must do so. People rembered complete books for years. If you cannot be bothered to look at it then fine. If you did you would realize all your concerns are addressed. Anyway it seems I'm wasting my time, a bit like trying to explain bitcoin to Peter Schiff.. Dude, relax! I did check the website and know the service and others like this one. I just cannot trust nobody with this kind of data. Thats all.
|
|
|
|
yenom
|
|
December 09, 2013, 02:49:58 PM |
|
Dude, relax! I did check the website and know the service and others like this one. I just cannot trust nobody with this kind of data. Thats all.
Hehe, it's fine. I just get annoyed that people leap to conclusions without first seeking to understand, something common to the bitcoin space. As I mentioned the Lastpass system addresses precisely that point - TNO. Trust No-One. You are sensible to consider that, and if open source only fits your criteria then great.
|
|
|
|
|