|
dogedice.me (OP)
|
 |
October 19, 2018, 05:24:28 PM |
|
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.
As always, BitDice protects your account by verifying unknown logins to help secure your account.
|
|
|
|
Mirae
Member
 Offline
Activity: 416
Merit: 27
|
|
October 19, 2018, 05:26:57 PM |
|
thats bad to hear
maybe implement a 2fa system ?
|
|
|
|
BoXXoB
Legendary
Offline
Activity: 2018
Merit: 1108
|
|
October 19, 2018, 05:28:11 PM |
|
thats bad to hear
maybe implement a 2fa system ?
We have 2FA and email confirmation on login. Issue wasn't on our end. |
|
|
|
actmyname
Copper Member
Legendary
Offline
Activity: 2562
Merit: 2510
Spear the bees
|
|
October 19, 2018, 05:28:18 PM |
|
thats bad to hear
maybe implement a 2fa system ? Did you happen to read the post? As always, BitDice protects your account by verifying unknown logins to help secure your account. |
|
|
|
Mirae
Member
Offline
Activity: 416
Merit: 27
|
|
October 19, 2018, 05:35:57 PM |
|
thats bad to hear
maybe implement a 2fa system ? Did you happen to read the post? As always, BitDice protects your account by verifying unknown logins to help secure your account. i was talking in general (all gambling websites) |
|
|
|
annuts
Copper Member
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 19, 2018, 05:41:30 PM |
|
They're probably using the various leaks publicly available. Check to see if you're affected here: https://haveibeenpwned.com/ |
|
|
|
|
dantee1
Member
Offline
Activity: 182
Merit: 31
|
|
October 20, 2018, 09:16:08 AM |
|
This is scary. In this industry, some wicked operators are actively trying to undermine other operators business interests. That's not a healthy way to compete.
Spend that useful time to build your customer base, improve in your customer support, make your payouts more efficient, etc. Rather than focusing on undermining other people's business
|
|
|
|
|
s0lidus
Full Member
Offline
Activity: 964
Merit: 121
CryptoGames: Revamped Games, Multiple Coins
|
|
October 20, 2018, 09:58:58 AM |
|
~..snip..~
i was talking in general (all gambling websites)
All known gambling websites have 2FA option afaik, but A LOT of users are either lazy or simply too stupid to enable extra security on their accounts. And many of them use same passwords for all their online profiles. ALWAYS enable 2FA on accounts where money is stored/involved.@OP: Thanks for notifying the community. |
|
|
|
BTCevo
Legendary
Offline
Activity: 1834
Merit: 1008
|
|
October 20, 2018, 12:23:04 PM |
|
thats bad to hear
maybe implement a 2fa system ? Did you happen to read the post? As always, BitDice protects your account by verifying unknown logins to help secure your account. i was talking in general (all gambling websites) But most of the gambling site now are using 2FA, there is no any single site that do not have 2FA protection. If that site exist, I do not think anyone are bothering to play on their site,because 2FA is the best protection for the current time. If it happens your account get be hacked when you already put the 2FA then there must be something wrong with the account because I have this problem before and the result I got hacked some amount on that site |
|
|
|
|
babo
Legendary
Offline
Activity: 3794
Merit: 4589
The hacker spirit breaks any spell
|
|
October 20, 2018, 12:36:01 PM |
|
thats bad to hear
maybe implement a 2fa system ?
2fa, for example fido network, is really easy to implement Is ten rows of code Or can implement another poor method, like time based confirmation |
|
|
|
Patatas
Legendary
Offline
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
|
|
October 20, 2018, 12:41:44 PM |
|
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.
As always, BitDice protects your account by verifying unknown logins to help secure your account.
You might as well want to figure out where these email addresses are coming from and inform their respective website owners? Ofcourse it's hard to figure that out but putting it online maybe help service see if majority of them are used in their databases. thats bad to hear
maybe implement a 2fa system ?
As usual, merit beggars being blind as fuck. thats bad to hear
maybe implement a 2fa system ? Did you happen to read the post? As always, BitDice protects your account by verifying unknown logins to help secure your account. He's merit begging, you might as well leave him a negative. Check his merit history. |
|
|
|
|
|
carlfebz2
|
|
October 20, 2018, 01:03:20 PM |
|
thats bad to hear
maybe implement a 2fa system ? Did you happen to read the post? As always, BitDice protects your account by verifying unknown logins to help secure your account. He's merit begging, you might as well leave him a negative. Check his merit history. Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits? Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. |
|
|
|
veleten
Legendary
Offline
Activity: 2016
Merit: 1107
|
|
October 20, 2018, 02:20:33 PM |
|
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.
As always, BitDice protects your account by verifying unknown logins to help secure your account.
this has been happening for quite some time my email that is used for registration at some secondary exchanges and casinos has been receiving dozens of failed authorization attempts reports seems like one of the sites has leaked its database or I managed to register at a semi-rogue exchange/casino specifically designed to get cryptousers e-mails and then attempting to bruteforce accounts |
|
|
|
crairezx20
Legendary
Offline
Activity: 1638
Merit: 1046
|
|
October 20, 2018, 02:22:32 PM |
|
It's a bad sign they must be aware of this leak. He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits? Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force. |
|
|
|
|
|
carlfebz2
|
|
October 20, 2018, 02:39:30 PM |
|
It's a bad sign they must be aware of this leak. He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits? Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also using up different and strong passwords is recommended.We wont able to find out on where those leaks came from. A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force. Shouldnt we put that 2fa thing to be a standard security of our accounts? Its easy as 1,2,3 to set it up but people do still fail and they would only realize when its too late. |
|
|
|
|
shield132
|
|
October 21, 2018, 09:28:02 AM |
|
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.
As always, BitDice protects your account by verifying unknown logins to help secure your account.
Will publishing be a right idea? What about to warn users with leaked emails on your website? Because they may try to spam emails and you may know social engineering still works, especially in older people. I think leak comes from famous bitcoin gambling websites, if you contact some of them and randomly send 10 email or even list, we may possibly know who has problems because not only your but other users will be in trouble too. |
|
|
|
beerlover
Legendary
Offline
Activity: 3066
Merit: 1188
|
|
October 22, 2018, 07:56:42 AM |
|
Considering gambling casinos are also sort of work like wallets (people deposit their money there and sometimes they withdraw but there are times when a gambler just keeps his money in the casino instead of withdrawing all the time) this is actually worse than it looks like. Yeah, someone taking control of your casino account doesn't seem THAT bad when you consider whats the worst thing they can do deposit and gamble ?
But, don't forget they will have your wallet and if you have money in it than they can withdraw it plus they will have your email address and the password for that and if you have password same with any other place they could potentially try that email/password combo in any website, they could literally write a code that says try this email/password combo in all of these websites and let me know if any of them gets inside and it would take 10 seconds to check hundreds of websites.
It is really dangerous and has insane potentially horrible stories. Be really careful about this.
|
| | .
.Duelbits│SPORTS. | | | ▄▄▄███████▄▄▄
▄▄█████████████████▄▄
▄███████████████████████▄
███████████████████████████
█████████████████████████████
███████████████████████████████
███████████████████████████████
███████████████████████████████
█████████████████████████████
███████████████████████████
▀████████████████████████
▀▀███████████████████
██████████████████████████████ | | | | ██
██
██
██
██
██
██
██
██
██
██ | | | | ███▄██▄███▄█▄▄▄▄██▄▄▄██
███▄██▀▄█▄▀███▄██████▄█
█▀███▀██▀████▀████▀▀▀██
██▀ ▀██████████████████
███▄███████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
▀█████████████████████▀
▀▀███████████████▀▀
▀▀▀▀█▀▀▀▀ | | OFFICIAL EUROPEAN
BETTING PARTNER OF
ASTON VILLA FC | | | | ██
██
██
██
██
██
██
██
██
██
██ | | | | 10% CASHBACK
100% MULTICHARGER | │ | | │ |
|
|
|
|
Juggy777
|
|
October 22, 2018, 11:29:10 AM |
|
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.
We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.
As always, BitDice protects your account by verifying unknown logins to help secure your account.
This is sad news and what makes it worst the site has not come clean to it's users which puts their users to more risk. I'll agree with the advice one should use distinct passwords, as we have seen in the past they get one password and they can hurt you a lot financially. It's important to note sites using http or not using ssl is a must avoid these days, also using your password on a public or free wifi is a very bad idea. |
|
|
|
|
eternalgloom
Legendary
Offline
Activity: 1792
Merit: 1283
|
|
October 22, 2018, 11:47:33 AM |
|
People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... ( source) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/ |
|
|
|
BTCevo
Legendary
Offline
Activity: 1834
Merit: 1008
|
|
October 23, 2018, 03:00:48 PM |
|
People should really be using a decent password manager that creates random strong passwords. Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses) I can definitely recommend Keepass, which is an awesome open-source password manager. https://keepass.info/2FA with a mobile phone number is insecure and you don't know what they use your phone number for. Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... ( source) This article is pretty interesting, it lists all the pros and cons of different 2FA methods: https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing |
|
|
|
|
|
