Bitcoin Forum
November 05, 2024, 08:13:13 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: How did you lost your bitcointalk account?  (Read 472 times)
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
July 01, 2018, 10:35:11 PM
Last edit: July 03, 2018, 07:45:42 AM by iasenko
Merited by khufuking (1)
 #1

Every day I see many people complaining how they lost their accounts and want to recover them.
How the hell did you get your account lost/hacked?

We need a guide how to prevent this from happening if there isn't already one/few I'm not aware of.

I know some of the reasons I'm gonna list here:


  • First and main reason is the account selling. You buy account from a scammer, he gets the money, you get control over the account and soon he comes here, claiming that his account was hacked and trying to get it back by providing signed proof.
  • 2015 hack. About the recent server compromise
  • The Secret Question option - if you try to recover you password using the secret question option, your account will be locked for revision from the admins. Thanks to Joel_Jantsen for the input
  • Third-party affected software/sites,wallets, fake mobile apps, compromised computers,trojan horses,keyloggers etc.
  • Phishing links, like bitcointalk.[to] bitcointallk.[org], or just clicking random faucet links...
  • Using weak or the same password on different sites or just email password without additional projection, Thanks to LTU_btc for the input
  • Using your account as collateral
  • Using Public Wifi Networks/Connections*, thanks to SFR10
  • Pure stupidity, like your wife (no offense) has access to the account and to all of your bitcoins....

*Does not affect so much the security as nowadays most of the sites /as bitcointalk/ use HTTPS request and they are encrypted so sniffing them is no use.

Am I missing something here??

Tell me your story.

Cosette
Member
**
Offline Offline

Activity: 80
Merit: 10

DAMN SON!


View Profile
July 01, 2018, 10:42:10 PM
 #2

How about spyware like keylogger or something like everything that you write, will send to hacker?

But, looks like phishing site is the most common case.

-
khufuking
Sr. Member
****
Offline Offline

Activity: 840
Merit: 266


View Profile
July 01, 2018, 10:54:53 PM
 #3

I always wanted to ask this question but I never did, I know most of ways why people lose there ETH address and exchanges accounts to and I know Bitcointalk accounts will be common with them in phishing sites but there might more ways, any new information will be posted here might be the reason for someone to not lose his account  .
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 2030
Merit: 1324

Get your game girl


View Profile
July 01, 2018, 11:09:39 PM
Merited by Steamtyme (1)
 #4

You forgot to mention the most important and the quickest way of losing your account : - * Secret Question. It's common to forget passwords if you're an internet junkie and we often use email as the standard way of resetting them. However, if someone tries to set their passwords through forum's secret question feature, they're locked out of their accounts. Not sure if already done but theymos should really  disable that broken functionality.
LTU_btc
Legendary
*
Offline Offline

Activity: 3234
Merit: 1375


Slava Ukraini!


View Profile WWW
July 01, 2018, 11:13:06 PM
Merited by Steamtyme (1)
 #5

I've lost this my account but Cyrus restored it. I would say it was my fault. I used good password, didn't visited phishing websites, but problem was on another place. I used weak password and no 2FA on my email. I've used that email and password to login to various shitty and unclear websites, probably one of these websites just sold their user login database. My email was hacked, then hacker changed my Bitcointalk account password and email. I've noticed it only after few minutes and I locked my account imnediately. Hacker wasn't able to make damage to my account. He also tried to hack my accounts on few exchanges, luckily he wasn't able to do that.

SFR10
Legendary
*
Offline Offline

Activity: 3178
Merit: 3528


Crypto Swap Exchange


View Profile WWW
July 02, 2018, 06:08:45 AM
Merited by The Sceptical Chymist (1)
 #6

- 2015 hack. I'll add link later
About the recent server compromise

Am I missing something here??
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
July 02, 2018, 07:04:43 AM
 #7

Updated,
Thank you guys. It's good to learn from each other's mistakes .

LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17633


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 02, 2018, 08:03:54 AM
 #8

Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection? Even with a fake DNS, you should at least get a warning from your browser.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
mdayonliner
Copper Member
Sr. Member
****
Offline Offline

Activity: 630
Merit: 420


We are Bitcoin!


View Profile
July 02, 2018, 08:28:32 AM
 #9

How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

===> Keylogger (Keystroke logging) can be an easy way for the hackers to take away your credentials from your device. Always use antivirus if you are not tech savvy.

===> Having easy recognizable password like 12345678 or 123abc etc. A strong password should contain: capital letters, small letters, digits and special symbols like #'"! etc.
i.e: @*b3HLwCA'@pzQPp

PS: I never lost my BitcoinTalk account yet. Above are from experience only.

Be happy be at peace. Looking forward to BTC at $1M
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
July 02, 2018, 09:19:14 AM
Last edit: July 02, 2018, 09:32:19 AM by iasenko
 #10

How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

All those like Trojan horse, keyloggers, etc, go to the 3rd party affected software... updated.

My initial intention was not to make a guide or list here. I just wonder how, all those people here complaining and waiting for account recovery, lost their accounts.
If you keep your security at dissent level and use the "Free Common Sense Internet Security 2018" it should be good enough.

hugeblack
Legendary
*
Offline Offline

Activity: 2688
Merit: 3960



View Profile WWW
July 02, 2018, 09:26:22 AM
 #11

I do not know if there is a direct link, but I think that the Bounties (Altcoins) campaigns are one of the reasons for hacking accounts.
A while ago, one of the managers of those campaigns asked me to design a signature and send it to him via e-mail. Now I receive more than ten messages of spam every day.
These campaigns require setting up accounts "creat account which may be near/same to your email/password info," adding your email and other information that will benefit in guessing your password.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
mdayonliner
Copper Member
Sr. Member
****
Offline Offline

Activity: 630
Merit: 420


We are Bitcoin!


View Profile
July 02, 2018, 09:52:53 AM
 #12

~
As clear as crystal  Cheesy

~
That's why you do not want to use same password in everywhere.

Be happy be at peace. Looking forward to BTC at $1M
DdmrDdmr
Legendary
*
Offline Offline

Activity: 2492
Merit: 11048


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 02, 2018, 10:00:52 AM
 #13

I figure that most people won’t know the direct cause for the hacking that took place on their account. They can try nevertheless to second-guess the reason by reviewing their habits. Since recovering a hacked account seems to be such a lengthy process (time wise), it does seem a good idea to try to extract common factors and list them in order to try to mitigate this from happening.

The recovery process does seems way too slow. We know it is not a forum priority to speed up the recovery process at this time, and one should take time to assess his security standards in general, but people do trip, and it would be good to aid them soonish even if they tripped due to their own clumsiness.
MagicSmoker
Full Member
***
Offline Offline

Activity: 420
Merit: 184



View Profile
July 02, 2018, 10:56:06 AM
Last edit: July 02, 2018, 01:41:39 PM by MagicSmoker
 #14

I'm curious as to how so many people lost access to their account as well. This forum is unlike most others (really all others I've ever used) in that there is the potential for earning money simply by posting here, and the amount of money you can earn goes up with your seniority/rank. Hence there are powerful incentives to hack higher ranked accounts, and so one should treat this forum like an online bank or crypto exchange w/r/t passwords and security in general.

I imagine the most likely culprit are those shady mirror (phishing?) sites like bitcointalk . to and bitcointallk . org (modified so as to not trigger the phishing detector). I've clicked on links to both sites while searching for plagiarism and though I didn't go so far as to actually log in, I can easily imagine someone doing just that.

EDIT - fixed names of phishing sites; obviously, don't go to them and for the love of dog don't log in, either!

DdmrDdmr
Legendary
*
Offline Offline

Activity: 2492
Merit: 11048


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 02, 2018, 01:14:00 PM
 #15

Thanks Sir it vary Informative
Cockamamie (ridiculous or nonsensical)...
viverra2
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 02, 2018, 01:22:33 PM
 #16

my weird story:
https://bitcointalk.org/index.php?topic=4571407.0
MagicSmoker
Full Member
***
Offline Offline

Activity: 420
Merit: 184



View Profile
July 02, 2018, 01:26:30 PM
 #17


if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.

viverra2
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 02, 2018, 01:35:41 PM
 #18


if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.


Judging by your posts on the last 3 pages, you are the same "shitposter" as me, about the same level, I'm serious - without sarcasm.
In addition, my question is quite simple, is my account in permaban or not?
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 2030
Merit: 1324

Get your game girl


View Profile
July 02, 2018, 11:40:18 PM
 #19

Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.
TheBeardedBaby (OP)
Legendary
*
Offline Offline

Activity: 2240
Merit: 3150


₿uy / $ell ..oeleo ;(


View Profile
July 03, 2018, 07:17:07 AM
Last edit: July 03, 2018, 07:46:38 AM by iasenko
 #20

Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.

OK, updated accordingly Wink

edited:
OK, updated accordingly Wink
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
Agree with that, now it should be fine.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!