westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
January 27, 2014, 04:34:00 PM |
|
My opinion...
BTC-e is the key to all of this.
You seem convinced that they aren't an issue because you hadn't used the site in so long. I'm not sure why you feel this matters. If anything, were a malicious employee to access the emails and passwords of users of the site, the lack of activity might be the very reason they decided to target you, perhaps figuring that they'd be able to do their deeds and it would be weeks before you noticed.
1) BTC-e seems to be chronologically the first target.
2) Your email wasn't compromised, and your system wasn't compromised. This seems pretty clear.
3) The common link to these sites was the password.
4) I would think the most likely means of retrieving the password would be from the (unencrypted!) data in one of the site's databases.
5) The password reset business is irrelevant (although whether you're being lied to by btc-mining isn't.) Seems clear to me the hacker did it just to throw you off the trail, and likely to lock you out of the account too (if he's going to just sell your stuff and not profit, might as well add one final slap-to-the-face while he's at it.) He apparently did his business, requested a bunch of password resets from the same session (or not), then changed the password on you.
It all seems to boil down to your accounts being compromised by an inept, petty and vindictive thief who got your password and was expecting to hit gold. The only real question seems to be how he got the password. Presuming you don't have younger family members who dislike you poking through your stuff, my money is on BTC-e being the source of the password one way or another.
EDIT: You might consider asking each site if their user password data is encrypted in their database, and if so how (md5, etc.) Not that any one of them couldn't just lie to you, but three sites giving quick, solid responses and one ignoring the question for a week or two would be pretty suspect.
|