Bitcoin Forum
November 15, 2024, 03:08:28 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Potential Gambling Site Leak  (Read 427 times)
dogedice.me (OP)
Hero Member
*****
Offline Offline

Activity: 776
Merit: 522



View Profile WWW
October 19, 2018, 05:24:28 PM
Merited by suchmoon (4), DarkStar_ (2), jossiel (1), stomachgrowls (1), actmyname (1), SyGambler (1), NLNico (1), Mirae (1)
 #1

BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
Mirae
Member
**
Offline Offline

Activity: 416
Merit: 27


View Profile
October 19, 2018, 05:26:57 PM
 #2

thats bad to hear
maybe implement a 2fa system ?

SCAM ALERT: The Rock Trading Exchange (www.therocktrading.com): Deceives bitcoiners to create unverified accounts, blocks the withdrawals covertly in order to let the user keep depositing money and uses every pretext to keep it blocked "forever".
https://bitcointalk.org/index.php?topic=4975753.0
https://www.coinmedicate.com/the-rock-trading-selective-scam/
BoXXoB
Legendary
*
Offline Offline

Activity: 2018
Merit: 1108



View Profile
October 19, 2018, 05:28:11 PM
 #3

thats bad to hear
maybe implement a 2fa system ?

We have 2FA and email confirmation on login. Issue wasn't on our end.

.
████████████████████████████████████████████████████████
███████████████████████████████████████████████████████
████████████████████████████████████████████████████████
██████████████████████████████████████████████████████
██████████████████████████████████████████████████████
████████████████████████████████████████████████████████
████████████████████████████████████████████████████████
████████████████████████████████████████████████████████
.
⚫︎  ⚫︎  ⚫︎  ⚫︎  ⚫︎
⚫︎  ⚫︎  ⚫︎  ⚫︎  ⚫︎
⚫︎  ⚫︎  ⚫︎  ⚫︎  ⚫︎
.
.
████████████
████████████████████
████████████████████
██
██████████████████████
██
██████████████████████
██
██████████████████████
██
██████████████████████
████████████████████████
██
██████████████████████
██
██████████████████
████████████████████
████████████
|
 UNIQUE 
GAMES
|
 NO 
KYC
|
 WITHDRAW 
IN MINUTES
|
░█▀███████
█▀▀█░░░█████████▀▀█
██░█▄█████████
████████▀█▀█▀██
███████▀▀░▀██
▀▄█████▀█░█▀▄▀
████████
██████
████
████
████
▄▄████████▄▄
██████████████
actmyname
Copper Member
Legendary
*
Offline Offline

Activity: 2562
Merit: 2510


Spear the bees


View Profile WWW
October 19, 2018, 05:28:18 PM
 #4

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.

Mirae
Member
**
Offline Offline

Activity: 416
Merit: 27


View Profile
October 19, 2018, 05:35:57 PM
 #5

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
i was talking in general (all gambling websites)

SCAM ALERT: The Rock Trading Exchange (www.therocktrading.com): Deceives bitcoiners to create unverified accounts, blocks the withdrawals covertly in order to let the user keep depositing money and uses every pretext to keep it blocked "forever".
https://bitcointalk.org/index.php?topic=4975753.0
https://www.coinmedicate.com/the-rock-trading-selective-scam/
annuts
Copper Member
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
October 19, 2018, 05:41:30 PM
 #6

They're probably using the various leaks publicly available.

Check to see if you're affected here:
https://haveibeenpwned.com/
dantee1
Member
**
Offline Offline

Activity: 182
Merit: 31


View Profile
October 20, 2018, 09:16:08 AM
 #7

This is scary. In this industry, some wicked operators are actively trying to undermine other operators business interests. That's not a healthy way to compete.

Spend that useful time to build your customer base, improve in your customer support, make your payouts more efficient, etc. Rather than focusing on undermining other people's business
s0lidus
Full Member
***
Offline Offline

Activity: 964
Merit: 121


CryptoGames: Revamped Games, Multiple Coins


View Profile WWW
October 20, 2018, 09:58:58 AM
 #8

~..snip..~

i was talking in general (all gambling websites)

All known gambling websites have 2FA option afaik, but A LOT of users are either lazy or simply too stupid to enable extra security on their accounts. And many of them use same passwords for all their online profiles.

ALWAYS enable 2FA on accounts where money is stored/involved.



@OP: Thanks for notifying the community.

BTCevo
Legendary
*
Offline Offline

Activity: 1834
Merit: 1008


View Profile
October 20, 2018, 12:23:04 PM
 #9

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
i was talking in general (all gambling websites)

But most of the gambling site now are using 2FA, there is no any single site that do not have 2FA protection. If that site exist, I do not think anyone are bothering to play on their site,because 2FA is the best protection for the current time. If it happens your account get be hacked when you already put the 2FA then there must be something wrong with the account because I have this problem before and the result I got hacked some amount on that site
babo
Legendary
*
Offline Offline

Activity: 3794
Merit: 4589


The hacker spirit breaks any spell


View Profile WWW
October 20, 2018, 12:36:01 PM
 #10

thats bad to hear
maybe implement a 2fa system ?

2fa, for example fido network, is really easy to implement
Is ten rows of code

Or can implement another poor method, like time based confirmation

█████████████████████████
██
█████▀▀███████▀▀███████
█████▀░░▄███████▄░░▀█████
██▀░░██████▀░▀████░░▀██
██▀░░▀▀▀████████████░░▀██
██░░█▄████▀▀███▀█████░░██
██░░███▄▄███████▀▀███░░██
██░░█████████████████░░██
██▄░░████▄▄██████▄▄█░░▄██
██▄░░██████▄░░████░░▄██
█████▄░░▀███▌░░▐▀░░▄█████
███████▄▄███████▄▄███████
█████████████████████████
.
.ROOBET 2.0..██████.IIIIIFASTER & SLEEKER.██████.
|

█▄█
▀█▀
████▄▄██████▄▄████
█▄███▀█░░█████░░█▀███▄█
▀█▄▄░▐█████████▌▄▄█▀
██▄▄█████████▄▄████▌
██████▄▄████████
█▀▀████████████████
██████
█████████████
██
█▀▀██████████████
▀▀▀███████████▀▀▀▀
|.
    PLAY NOW    
Patatas
Legendary
*
Offline Offline

Activity: 1750
Merit: 1115

Providing AI/ChatGpt Services - PM!


View Profile
October 20, 2018, 12:41:44 PM
 #11

BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.
You might as well want to figure out where these email addresses are coming from and inform their respective website owners? Ofcourse it's hard to figure that out but putting it online maybe help service see if majority of them are used in their databases.

thats bad to hear
maybe implement a 2fa system ?
As usual, merit beggars being blind as fuck.

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
He's merit begging, you might as well leave him a negative. Check his merit history.
carlfebz2
Hero Member
*****
Offline Offline

Activity: 3122
Merit: 739


DGbet.fun - Crypto Sportsbook


View Profile
October 20, 2018, 01:03:20 PM
 #12

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.

veleten
Legendary
*
Offline Offline

Activity: 2016
Merit: 1107



View Profile
October 20, 2018, 02:20:33 PM
 #13

BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.

this has been happening for quite some time
my email that is used for registration at some secondary exchanges and casinos
has been receiving dozens of failed authorization attempts reports
seems like one of the sites has leaked its database or I managed to register at a semi-rogue exchange/casino
specifically designed to get cryptousers e-mails and then attempting to bruteforce accounts

          ▄▄████▄▄
      ▄▄███▀    ▀███▄▄
   ▄████████▄▄▄▄████████▄
  ▀██████████████████████▀
▐█▄▄ ▀▀████▀    ▀████▀▀ ▄▄██
▐█████▄▄ ▀██▄▄▄▄██▀ ▄▄██▀  █
▐██ ▀████▄▄ ▀██▀ ▄▄████  ▄██
▐██  ███████▄  ▄████████████
▐██  █▌▐█ ▀██  ██████▀  ████
▐██  █▌▐█  ██  █████  ▄█████
 ███▄ ▌▐█  ██  ████████████▀
  ▀▀████▄ ▄██  ██▀  ████▀▀
      ▀▀█████  █  ▄██▀▀
         ▀▀██  ██▀▀
.WINDICE.████
██
██
██
██
██
██
██
██
██
██
██
██
████
      ▄████████▀
     ▄████████
    ▄███████▀
   ▄███████▀
  ▄█████████████
 ▄████████████▀
▄███████████▀
     █████▀
    ████▀
   ████
  ███▀
 ██▀
█▀

██
██
██
██
██
██
██
██
██
██
██
██
     ▄▄█████▄   ▄▄▄▄
    ██████████▄███████▄
  ▄████████████████████▌
 ████████████████████████
▐████████████████████████▌
 ▀██████████████████████▀
     ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
     ▄█     ▄█     ▄█
   ▄██▌   ▄██▌   ▄██▌
   ▀▀▀    ▀▀▀    ▀▀▀
       ▄█     ▄█
     ▄██▌   ▄██▌
     ▀▀▀    ▀▀▀

██
██
██
██
██
██
██
██
██
██
██
██
                   ▄█▄
                 ▄█████▄
                █████████▄
       ▄       ██ ████████▌
     ▄███▄    ▐█▌▐█████████
   ▄███████▄   ██ ▀███████▀
 ▄███████████▄  ▀██▄▄████▀
▐█ ▄███████████    ▀▀▀▀
█ █████████████▌      ▄
█▄▀████████████▌    ▄███▄
▐█▄▀███████████    ▐█▐███▌
 ▀██▄▄▀▀█████▀      ▀█▄█▀
   ▀▀▀███▀▀▀
████
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
████


▄▄████████▄▄
▄████████████████▄
▄████████████████████▄
███████████████▀▀  █████
████████████▀▀      ██████
▐████████▀▀   ▄▄     ██████▌
▐████▀▀    ▄█▀▀     ███████▌
▐████████ █▀        ███████▌
████████ █ ▄███▄   ███████
████████████████▄▄██████
▀████████████████████▀
▀████████████████▀
▀▀████████▀▀
iePlay NoweiI
I
I
I
[/t
crairezx20
Legendary
*
Offline Offline

Activity: 1638
Merit: 1046



View Profile
October 20, 2018, 02:22:32 PM
 #14

It's a bad sign they must be aware of this leak.

He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.
A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force.
carlfebz2
Hero Member
*****
Offline Offline

Activity: 3122
Merit: 739


DGbet.fun - Crypto Sportsbook


View Profile
October 20, 2018, 02:39:30 PM
 #15

It's a bad sign they must be aware of this leak.

He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.
A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force.

Shouldnt we put that 2fa thing to be a standard security of our accounts? Its easy as 1,2,3 to set it up but people do still fail and they would only realize when its too late.

shield132
Hero Member
*****
Offline Offline

Activity: 2408
Merit: 925


Metawin.com - Truly the best casino ever


View Profile
October 21, 2018, 09:28:02 AM
 #16

BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.
Will publishing be a right idea? What about to warn users with leaked emails on your website? Because they may try to spam emails and you may know social engineering still works, especially in older people.
I think leak comes from famous bitcoin gambling websites, if you contact some of them and randomly send 10 email or even list, we may possibly know who has problems because not only your but other users will be in trouble too.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
beerlover
Legendary
*
Offline Offline

Activity: 3066
Merit: 1188



View Profile
October 22, 2018, 07:56:42 AM
 #17

Considering gambling casinos are also sort of work like wallets (people deposit their money there and sometimes they withdraw but there are times when a gambler just keeps his money in the casino instead of withdrawing all the time) this is actually worse than it looks like. Yeah, someone taking control of your casino account doesn't seem THAT bad when you consider whats the worst thing they can do deposit and gamble ?

But, don't forget they will have your wallet and if you have money in it than they can withdraw it plus they will have your email address and the password for that and if you have password same with any other place they could potentially try that email/password combo in any website, they could literally write a code that says try this email/password combo in all of these websites and let me know if any of them gets inside and it would take 10 seconds to check hundreds of websites.

It is really dangerous and has insane potentially horrible stories. Be really careful about this.

.
.DuelbitsSPORTS.
▄▄▄███████▄▄▄
▄▄█████████████████▄▄
▄██████████████████████▄
██████████████████████████
███████████████████████████
██████████████████████████████
██████████████████████████████
█████████████████████████████
███████████████████████████
█████████████████████████
▀████████████████████████
▀▀███████████████████
██████████████████████████████
██
██
██
██

██
██
██
██

██
██
██
████████▄▄▄▄██▄▄▄██
███▄█▀▄▄▀███▄█████
█████████████▀▀▀██
██▀ ▀██████████████████
███▄███████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
▀█████████████████████▀
▀▀███████████████▀▀
▀▀▀▀█▀▀▀▀
OFFICIAL EUROPEAN
BETTING PARTNER OF
ASTON VILLA FC
██
██
██
██

██
██
██
██

██
██
██
10%   CASHBACK   
          100%   MULTICHARGER   
Juggy777
Hero Member
*****
Offline Offline

Activity: 2646
Merit: 686


View Profile
October 22, 2018, 11:29:10 AM
 #18

BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.

This is sad news and what makes it worst the site has not come clean to it's users which puts their users to more risk. I'll agree with the advice one should use distinct passwords, as we have seen in the past they get one password and they can hurt you a lot financially. It's important to note sites using http or not using ssl is a must avoid these days, also using your password on a public or free wifi is a very bad idea.
eternalgloom
Legendary
*
Offline Offline

Activity: 1792
Merit: 1283



View Profile WWW
October 22, 2018, 11:47:33 AM
 #19

People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

BTCevo
Legendary
*
Offline Offline

Activity: 1834
Merit: 1008


View Profile
October 23, 2018, 03:00:48 PM
 #20

People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!