Bitcoin Forum
March 29, 2024, 06:55:20 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Is this a security issue? Massive worker un & pw list found through google ...  (Read 3997 times)
strictlyfocused (OP)
Newbie
*
Offline Offline

Activity: 55
Merit: 0


View Profile
September 22, 2011, 02:57:13 AM
 #1

http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?
1711695320
Hero Member
*
Offline Offline

Posts: 1711695320

View Profile Personal Message (Offline)

Ignore
1711695320
Reply with quote  #2

1711695320
Report to moderator
1711695320
Hero Member
*
Offline Offline

Posts: 1711695320

View Profile Personal Message (Offline)

Ignore
1711695320
Reply with quote  #2

1711695320
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711695320
Hero Member
*
Offline Offline

Posts: 1711695320

View Profile Personal Message (Offline)

Ignore
1711695320
Reply with quote  #2

1711695320
Report to moderator
ineededausername
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


bitcoin hundred-aire


View Profile
September 22, 2011, 02:59:49 AM
 #2

O.o
phew, I'm not on that list.
ok... what the hell!?
Why is somebody storing passwords in plaintext!?

(BFL)^2 < 0
simonk83
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
September 22, 2011, 03:27:01 AM
 #3

Oh dear.   A lot of the guys on that list might want to change their passwords... quicksmart.
Keninishna
Hero Member
*****
Offline Offline

Activity: 556
Merit: 500



View Profile
September 22, 2011, 03:29:12 AM
 #4

looks like the nofeemining pool worker passwords.
paraipan
In memoriam
Legendary
*
Offline Offline

Activity: 924
Merit: 1004


Firstbits: 1pirata


View Profile WWW
September 22, 2011, 03:38:58 AM
 #5

looks like the nofeemining pool worker passwords.

... or some real ones if you ask me

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
September 22, 2011, 03:41:44 AM
 #6

Looks like there's a lot of SA members there. But no one here would dare to...Surely not...No Way!

Remember: Play nice!
Isepick
Full Member
***
Offline Offline

Activity: 180
Merit: 100


View Profile
September 22, 2011, 03:43:46 AM
 #7

Those look like workers...foolish is someone who uses the same password for their workers as their actual login. Good way to get your account emptied.
lightbox
Full Member
***
Offline Offline

Activity: 212
Merit: 100


View Profile WWW
September 22, 2011, 03:47:29 AM
 #8

http://50.19.139.134/  directory index is on too theres a few other files there,,,, none output anything else bad tho

https://www.canadianbitcoins.com for quick & easy buy/sell with $CAD
Canada's Oldest Bitcoin Brokerage.  Serving Canadian Bitcoiners since 2011!
RandyFolds
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250



View Profile
September 22, 2011, 03:57:56 AM
 #9

worker passwords are totally pointless. mine are all default. you guys wanna mine for me? feel free.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
September 22, 2011, 04:09:30 AM
 #10

Looks like there's a lot of SA members there. But no one here would dare to...Surely not...No Way!

Remember: Play nice!

And don't even think about sending Cosby Coins to any of the SA members on the list.
mb300sd
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000

Drunk Posts


View Profile WWW
September 22, 2011, 04:15:00 AM
 #11

Whats the point of having passwords for workers? I'd be glad if someone mined on my account Cheesy

My password for all workers on every pool is bitcoin123 feel free to use it.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
simonk83
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
September 22, 2011, 04:18:52 AM
 #12

Yes, well, we're the smart ones apparently.  Not everyone is.   You have a nice list now of email addresses and potential passwords.  You do the maths.
RandyFolds
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250



View Profile
September 22, 2011, 04:21:41 AM
 #13

Yes, well, we're the smart ones apparently.  Not everyone is.   You have a nice list now of email addresses and potential passwords.  You do the maths.

It is kind of terrible...taking a closer look, a LOT of people have complex passwords set for their workers. It makes me want to start trying them on facebook, but I am not enough of a dick.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
September 22, 2011, 04:32:07 AM
 #14

... but I am not enough of a dick.

Got me fooled!
Isepick
Full Member
***
Offline Offline

Activity: 180
Merit: 100


View Profile
September 22, 2011, 04:37:30 AM
 #15

I bet a few of those passwords work on those emails...and that a few more work on their Gox accounts as well...
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
September 22, 2011, 11:04:03 AM
 #16

Ok, I'm a dick. 3rd try of a gmail account worked. I'll try to inform gmail to lock them all but ... hmm ... how to reach all mail hosters?

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
September 22, 2011, 11:04:49 AM
 #17

@OP actually you're the dick for posting the link without any attempt to warn those affected.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
September 22, 2011, 11:19:12 AM
 #18

Ok, the one gmail account I tried out and worked got this message a minute ago:
Your request (#....) has been received, and will be reviewed by our support staff.

Our help desk is experiencing unusually high traffic currently. We regret to inform you that you will experience some delays (currently 48-72 hrs) in us getting back to you.

We sincerely apologize for the inconvenience and are working on all fronts to improve our response times.

To review the status of the request and add additional comments, follow the link below:
http://support.mtgox.com/tickets/....


This means somebody even more evil than the OP and me is already at it. I could have logged into Gox but didn't as from having his main mail account I know the rest is trivial.


HOW TO RING THE BELLS?Huh?

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
deslok
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


It's all about the game, and how you play it


View Profile
September 22, 2011, 11:25:34 AM
 #19

Write a script to just pull the email addresses from the list end send an email to all of them.

"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin

If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1105


WalletScrutiny.com


View Profile WWW
September 22, 2011, 11:35:57 AM
 #20

Write a script to just pull the email addresses from the list end send an email to all of them.

Write a script to change all their passwords faster than somebody does what you suggested ...

No, this should go to the email provider's attention don't you think so?

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!