TheBeardedBaby (OP)
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
July 01, 2018, 10:35:11 PM Last edit: July 03, 2018, 07:45:42 AM by iasenko |
|
Every day I see many people complaining about how they lost their accounts and want to recover them. How the hell did you get your account lost/hacked? We need a guide on how to prevent this from happening, if there isn't already one or a few I'm not aware of. I know some of the reasons, which I'm going to list here:
- The first and main reason is account selling. You buy an account from a scammer, he gets the money, you get control over the account, and soon he comes here claiming that his account was hacked and trying to get it back by providing signed proof.
- 2015 hack. About the recent server compromise
- The Secret Question option - if you try to recover your password using the secret question option, your account will be locked for revision from the admins. Thanks to Joel_Jantsen for the input
- Third-party affected software/sites, wallets, fake mobile apps, compromised computers, trojan horses, keyloggers, etc.
- Phishing links, like bitcointalk.[to], bitcointallk.[org], or just clicking random faucet links...
- Using a weak password or the same password on different sites, or just an email password without additional protection, thanks to LTU_btc for the input
- Using your account as collateral
- Using Public Wifi Networks/Connections*, thanks to SFR10
- Pure stupidity, like your wife (no offense) has access to the account and to all of your bitcoins....
*This does not affect security so much, as nowadays most sites (like bitcointalk) use HTTPS requests, which are encrypted, so sniffing them is no use.
Am I missing something here?? Tell me your story.
|
|
|
|
Cosette
Member
Offline
Activity: 80
Merit: 10
DAMN SON!
|
|
July 01, 2018, 10:42:10 PM |
|
How about spyware like a keylogger, or something where everything that you write will be sent to the hacker?
But it looks like phishing sites are the most common case.
|
-
|
|
|
khufuking
|
|
July 01, 2018, 10:54:53 PM |
|
I always wanted to ask this question but I never did. I know most of the ways people lose their ETH addresses and exchange accounts too, and I know Bitcointalk accounts will be in common with them when it comes to phishing sites, but there might be more ways. Any new information posted here might be the reason for someone to not lose his account.
|
|
|
|
Joel_Jantsen
Legendary
Offline
Activity: 2030
Merit: 1324
Get your game girl
|
|
July 01, 2018, 11:09:39 PM |
|
You forgot to mention the most important and the quickest way of losing your account:
* Secret Question. It's common to forget passwords if you're an internet junkie and we often use email as the standard way of resetting them. However, if someone tries to set their passwords through the forum's secret question feature, they're locked out of their accounts. Not sure if already done but theymos should really disable that broken functionality.
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
July 01, 2018, 11:13:06 PM |
|
I lost this account of mine, but Cyrus restored it. I would say it was my fault. I used a good password and didn't visit phishing websites, but the problem was in another place. I used a weak password and no 2FA on my email. I used that email and password to log in to various shitty and unclear websites; probably one of these websites just sold their user login database. My email was hacked, then the hacker changed my Bitcointalk account password and email. I noticed it only after a few minutes and I locked my account immediately. The hacker wasn't able to do damage to my account. He also tried to hack my accounts on a few exchanges; luckily he wasn't able to do that.
|
|
|
|
|
TheBeardedBaby (OP)
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
July 02, 2018, 07:04:43 AM |
|
Updated, thank you guys. It's good to learn from each other's mistakes.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17633
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
July 02, 2018, 08:03:54 AM |
|
How can they sniff your packets if the site uses an encrypted connection? Even with a fake DNS, you should at least get a warning from your browser.
|
|
|
|
mdayonliner
Copper Member
Sr. Member
Offline
Activity: 630
Merit: 420
We are Bitcoin!
|
|
July 02, 2018, 08:28:32 AM |
|
How about spyware like keylogger...
@iasenko: I wonder how did you miss this even after the mention? It's a valid reason.
===> Keylogger (keystroke logging) can be an easy way for hackers to take away your credentials from your device. Always use antivirus if you are not tech savvy.
===> Having an easily recognizable password like 12345678 or 123abc etc. A strong password should contain: capital letters, small letters, digits and special symbols like #'"! etc. i.e: @*b3HLwCA'@pzQPp
PS: I never lost my BitcoinTalk account yet. Above are from experience only.
|
Be happy be at peace. Looking forward to BTC at $1M
|
|
|
TheBeardedBaby (OP)
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
July 02, 2018, 09:19:14 AM Last edit: July 02, 2018, 09:32:19 AM by iasenko |
|
How about spyware like keylogger...
@iasenko: I wonder how did you miss this even after the mention? It's a valid reason.
All those like Trojan horses, keyloggers, etc., go under the 3rd party affected software... updated. My initial intention was not to make a guide or list here. I just wonder how all those people here, complaining and waiting for account recovery, lost their accounts. If you keep your security at a decent level and use the "Free Common Sense Internet Security 2018", it should be good enough.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2688
Merit: 3960
|
|
July 02, 2018, 09:26:22 AM |
|
I do not know if there is a direct link, but I think that the Bounties (Altcoins) campaigns are one of the reasons for hacking accounts. A while ago, one of the managers of those campaigns asked me to design a signature and send it to him via e-mail. Now I receive more than ten spam messages every day. These campaigns require setting up accounts ("create account which may be near/same to your email/password info"), adding your email and other information that will help in guessing your password.
|
|
|
|
mdayonliner
Copper Member
Sr. Member
Offline
Activity: 630
Merit: 420
We are Bitcoin!
|
|
July 02, 2018, 09:52:53 AM |
|
~
As clear as crystal ~
That's why you do not want to use the same password everywhere.
|
Be happy be at peace. Looking forward to BTC at $1M
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2492
Merit: 11048
There are lies, damned lies and statistics. MTwain
|
|
July 02, 2018, 10:00:52 AM |
|
I figure that most people won’t know the direct cause for the hacking that took place on their account. They can try nevertheless to second-guess the reason by reviewing their habits. Since recovering a hacked account seems to be such a lengthy process (time wise), it does seem a good idea to try to extract common factors and list them in order to try to mitigate this from happening.
The recovery process does seem way too slow. We know it is not a forum priority to speed up the recovery process at this time, and one should take time to assess his security standards in general, but people do trip, and it would be good to aid them soonish even if they tripped due to their own clumsiness.
|
|
|
|
MagicSmoker
|
|
July 02, 2018, 10:56:06 AM Last edit: July 02, 2018, 01:41:39 PM by MagicSmoker |
|
I'm curious as to how so many people lost access to their account as well. This forum is unlike most others (really all others I've ever used) in that there is the potential for earning money simply by posting here, and the amount of money you can earn goes up with your seniority/rank. Hence there are powerful incentives to hack higher ranked accounts, and so one should treat this forum like an online bank or crypto exchange w/r/t passwords and security in general.
I imagine the most likely culprits are those shady mirror (phishing?) sites like bitcointalk . to and bitcointallk . org (modified so as to not trigger the phishing detector). I've clicked on links to both sites while searching for plagiarism and though I didn't go so far as to actually log in, I can easily imagine someone doing just that.
EDIT - fixed names of phishing sites; obviously, don't go to them and for the love of dog don't log in, either!
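
A defender-side check for the lookalike domains named in this thread, as an added example that is not part of any forum post. The function names and the distance threshold are hypothetical, the trusted domain is taken to be bitcointalk.org, and hosts are assumed to end in a single-label TLD.

```python
from urllib.parse import urlsplit

TRUSTED = "bitcointalk.org"  # assumption: the forum's real domain


def normalise_host(link: str) -> str:
    """Return the lowercase host of a URL or of a defanged name like 'bitcointalk . to'."""
    text = link.strip().lower().replace("[", "").replace("]", "").replace(" ", "")
    if "://" not in text:
        text = "//" + text  # make urlsplit read the text as a network location
    return (urlsplit(text).hostname or "").rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(link: str, trusted: str = TRUSTED, max_distance: int = 2) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unrelated' relative to one trusted domain."""
    host = normalise_host(link)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    name, tld = labels[-2], labels[-1]  # assumes a single-label TLD
    t_name, t_tld = trusted.split(".")
    if name == t_name and tld != t_tld:
        return "lookalike"  # right name, wrong TLD
    if 0 < edit_distance(name, t_name) <= max_distance:
        return "lookalike"  # near-miss spelling of the name
    if t_name in host:
        return "lookalike"  # trusted name embedded in another domain
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs; the two defanged names are the ones quoted in the thread.
    for sample in ["bitcointalk . to", "bitcointallk.[org]", "https://bitcointalk.org/index.php"]:
        print(sample, "->", classify_host(sample))
```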
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2492
Merit: 11048
There are lies, damned lies and statistics. MTwain
|
|
July 02, 2018, 01:14:00 PM |
|
Thanks Sir it vary Informative
Cockamamie (ridiculous or nonsensical)...
|
|
|
|
viverra2
Newbie
Offline
Activity: 10
Merit: 0
|
|
July 02, 2018, 01:22:33 PM |
|
|
|
|
|
MagicSmoker
|
|
July 02, 2018, 01:26:30 PM |
|
If by, "weird," you really mean, "totally inapplicable," then sure... Your original account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.
|
|
|
|
viverra2
Newbie
Offline
Activity: 10
Merit: 0
|
|
July 02, 2018, 01:35:41 PM |
|
If by, "weird," you really mean, "totally inapplicable," then sure... Your original account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.
Judging by your posts on the last 3 pages, you are the same "shitposter" as me, about the same level, I'm serious - without sarcasm. In addition, my question is quite simple: is my account in permaban or not?
|
|
|
|
Joel_Jantsen
Legendary
Offline
Activity: 2030
Merit: 1324
Get your game girl
|
|
July 02, 2018, 11:40:18 PM |
|
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't be in human readable format.
|
|
|
|
TheBeardedBaby (OP)
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
July 03, 2018, 07:17:07 AM Last edit: July 03, 2018, 07:46:38 AM by iasenko |
|
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't be in human readable format.
OK, updated accordingly
edited:
OK, updated accordingly
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
Agree with that, now it should be fine.
|
|
|
|
|