Bitcoin Forum
December 08, 2016, 02:45:44 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Is this a security issue? Massive worker un & pw list found through google ...  (Read 3450 times)
strictlyfocused
Jr. Member
*
Offline Offline

Activity: 55


View Profile
September 22, 2011, 01:08:23 PM
 #21

@OP actually you're the dick for posting the link without any attempt to warn those affected.

Fuck you ... how is it my responsibility to do anything about it? What am I gonna do, email everyone on that list a sweet little message? Get real ... I could have just as well done something nefarious with it but I posted it here in hopes of getting it resolved.
1481208344
Hero Member
*
Offline Offline

Posts: 1481208344

View Profile Personal Message (Offline)

Ignore
1481208344
Reply with quote  #2

1481208344
Report to moderator
1481208344
Hero Member
*
Offline Offline

Posts: 1481208344

View Profile Personal Message (Offline)

Ignore
1481208344
Reply with quote  #2

1481208344
Report to moderator
"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481208344
Hero Member
*
Offline Offline

Posts: 1481208344

View Profile Personal Message (Offline)

Ignore
1481208344
Reply with quote  #2

1481208344
Report to moderator
1481208344
Hero Member
*
Offline Offline

Posts: 1481208344

View Profile Personal Message (Offline)

Ignore
1481208344
Reply with quote  #2

1481208344
Report to moderator
1481208344
Hero Member
*
Offline Offline

Posts: 1481208344

View Profile Personal Message (Offline)

Ignore
1481208344
Reply with quote  #2

1481208344
Report to moderator
stsbrad
Full Member
***
Offline Offline

Activity: 168

Brad Willman, SSCP, LTCP, MCTS,SCE,BCE


View Profile
September 22, 2011, 01:18:24 PM
 #22

http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?


can you please let us know exactly what you google
searched? I'm finding this hard to believe
strictlyfocused
Jr. Member
*
Offline Offline

Activity: 55


View Profile
September 22, 2011, 01:22:13 PM
 #23

http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?


can you please let us know exactly what you google
searched? I'm finding this hard to believe

As I said in the first post if you had looked, I simply googled my email address ...
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
September 22, 2011, 01:26:29 PM
 #24

https://encrypted.google.com/#q=redline888%40gmail.com first hit for example ...

stsbrad
Full Member
***
Offline Offline

Activity: 168

Brad Willman, SSCP, LTCP, MCTS,SCE,BCE


View Profile
September 22, 2011, 02:23:59 PM
 #25


Thank you. Sorry to OP for saying I find this hard to believe. I stand corrected.
Gerken
Member
**
Offline Offline

Activity: 112



View Profile
September 22, 2011, 02:26:35 PM
 #26

Just in time, daddy needs a new pair of shoes. 

tonto
Hero Member
*****
Offline Offline

Activity: 677


BubblesBit.com


View Profile WWW
September 22, 2011, 03:41:38 PM
 #27

oh holy hell, I hope people didn't use these logins/passwords for their mtgox account.  I'm glad I'm not on the list Wink   But if I we're, the only thing I have on mtgox right now is .0034 btc

.
.......
.......
.......
.......
.......
.......
..........
.....
.....
.....
.....
.....
.
joeyjoe
Full Member
***
Offline Offline

Activity: 224


View Profile
September 22, 2011, 03:43:55 PM
 #28

lol! i thought that was my database!

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
NoFeeMining
Jr. Member
*
Offline Offline

Activity: 54


View Profile
September 22, 2011, 07:08:10 PM
 #29

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

We managed to minimize the damage on our end though only about 1 or 2 coins were lost.

Easy to use NO FEE mining pool
http://www.NoFeeMining.com/
joeyjoe
Full Member
***
Offline Offline

Activity: 224


View Profile
September 22, 2011, 07:09:29 PM
 #30

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
strictlyfocused
Jr. Member
*
Offline Offline

Activity: 55


View Profile
September 22, 2011, 07:11:04 PM
 #31

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

We managed to minimize the damage on our end though only about 1 or 2 coins were lost.

Glad to hear this will be corrected  Smiley
NoFeeMining
Jr. Member
*
Offline Offline

Activity: 54


View Profile
September 22, 2011, 07:13:33 PM
 #32

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Easy to use NO FEE mining pool
http://www.NoFeeMining.com/
joeyjoe
Full Member
***
Offline Offline

Activity: 224


View Profile
September 22, 2011, 07:19:25 PM
 #33

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
iamzill
Full Member
***
Offline Offline

Activity: 139


View Profile
September 23, 2011, 12:49:39 AM
 #34

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden
They probably thought worker passwords wasn't "important" enough.
RandyFolds
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 23, 2011, 12:57:37 AM
 #35

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden
They probably thought worker passwords wasn't "important" enough.


They aren't "important", they are a mere formality.

▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓ ONEDICE.ME ▓▓▓▓▓ BEST DICE EXPERIENCE ▓▓▓▓ PLAY OR INVEST ▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
phantomcircuit
Sr. Member
****
Offline Offline

Activity: 463


View Profile
September 23, 2011, 01:04:02 AM
 #36

These are passwords from bitcoinpool.com
RandyFolds
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 23, 2011, 01:10:21 AM
 #37

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓ ONEDICE.ME ▓▓▓▓▓ BEST DICE EXPERIENCE ▓▓▓▓ PLAY OR INVEST ▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
phantomcircuit
Sr. Member
****
Offline Offline

Activity: 463


View Profile
September 23, 2011, 01:12:33 AM
 #38

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

I stand corrected, i noticed a lot of usernames that match bitcoinpool users.
RandyFolds
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 23, 2011, 01:14:01 AM
 #39

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

I stand corrected, i noticed a lot of usernames that match bitcoinpool users.

I am sure there is plenty of overlap, particularly the hoppers.

I just don't get why anyone sets their miner names/passwords to anything but default...like I said, they are completely arbitrary.

▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓ ONEDICE.ME ▓▓▓▓▓ BEST DICE EXPERIENCE ▓▓▓▓ PLAY OR INVEST ▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
September 23, 2011, 01:18:27 AM
 #40

They aren't "important", they are a mere formality.

problem is, careless people re-use passwords elsewhere like on their email accounts.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!