Is this a security issue? Massive worker un & pw list found through google ...

[strictlyfocused]

@OP actually you're the dick for posting the link without any attempt to warn those affected.

Fuck you ... how is it my responsibility to do anything about it? What am I gonna do, email everyone on that list a sweet little message? Get real ... I could have just as well done something nefarious with it but I posted it here in hopes of getting it resolved.

[1713592688]

1713592688

[1713592688]

1713592688

[1713592688]

1713592688

[stsbrad]

http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?

can you please let us know exactly what you google
searched? I'm finding this hard to believe

[strictlyfocused]

http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?

can you please let us know exactly what you google
searched? I'm finding this hard to believe

As I said in the first post if you had looked, I simply googled my email address ...

[giszmo]

https://encrypted.google.com/#q=redline888%40gmail.com first hit for example ...

[stsbrad]

https://encrypted.google.com/#q=redline888%40gmail.com first hit for example ...

Thank you. Sorry to OP for saying I find this hard to believe. I stand corrected.

[Gerken]

Just in time, daddy needs a new pair of shoes. 

[tonto]

oh holy hell, I hope people didn't use these logins/passwords for their mtgox account.  I'm glad I'm not on the list    But if I we're, the only thing I have on mtgox right now is .0034 btc

[joeyjoe]

lol! i thought that was my database!

[NoFeeMining]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

We managed to minimize the damage on our end though only about 1 or 2 coins were lost.

[joeyjoe]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

[strictlyfocused]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

We managed to minimize the damage on our end though only about 1 or 2 coins were lost.

Glad to hear this will be corrected 

[NoFeeMining]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

[joeyjoe]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden

[iamzill]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden

They probably thought worker passwords wasn't "important" enough.

[RandyFolds]

That was part of our old database.

I have no idea why that information was there and I plan on figuring out which idiot from my team did that.

I am in the process of emailing all the affected users to let them know.

Very bad security practice to leave the accounts passwords unencrypted, i hope your not the coder for that site!

Would advise all users to get their miners away from there ASAP

A. We had to keep the WORKER passwords unencrypted so that users could see them and edit them more easily.

B. This is our OLD database on the OLD site. We have since completely rewritten the site's code and it doesn't even use mysql anymore.

C. This happened because one of the guys on the team was doing some debugging and like an idiot did not secure his testing site.

Even so, why have them saved as plain text at all? you can still encyrpt with base64 and a salt code that is kept hidden

They probably thought worker passwords wasn't "important" enough.

They aren't "important", they are a mere formality.

[phantomcircuit]

These are passwords from bitcoinpool.com

[RandyFolds]

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

[phantomcircuit]

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

I stand corrected, i noticed a lot of usernames that match bitcoinpool users.

[RandyFolds]

These are passwords from bitcoinpool.com

nofeemining, brother. read the thread.

I stand corrected, i noticed a lot of usernames that match bitcoinpool users.

I am sure there is plenty of overlap, particularly the hoppers.

I just don't get why anyone sets their miner names/passwords to anything but default...like I said, they are completely arbitrary.

[payb.tc]

They aren't "important", they are a mere formality.

problem is, careless people re-use passwords elsewhere like on their email accounts.