DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 09, 2014, 04:52:47 PM Last edit: March 10, 2014, 04:04:23 AM by DeathAndTaxes |
|
http://www.reddit.com/r/Bitcoin/comments/1zz21j/mtgox_2014_hack_database_revealed_live_from_mark/(oh and the dump is hosted on Mark's blog). WARNING: I haven't verified or scanned the files. It is at least possible they contain malware including the bitcoin stealing kind. BE SMART and take precautions when downloading unknown files from self described hackers. On edit: the exe in the zip file a wallet stealer. Don't run unless you have too many bitcoins and then it will solve that problem for you.
|
|
|
|
Definit
|
|
March 09, 2014, 05:16:41 PM |
|
they just removed his post.
|
|
|
|
Beliathon
|
|
March 09, 2014, 05:24:01 PM |
|
they just removed his post. Well that was fast.
|
|
|
|
Moebius327
|
|
March 09, 2014, 05:25:39 PM Last edit: March 10, 2014, 10:53:36 AM by malevolent |
|
Mod note: be careful with the executable, run it only on an isolated virtual machineFiles are legit. I verified them myself with my account balance. Be careful with .exe and .pdf (didn't take a look at that) Edit: Here is the leak http://pastebin.com/f7DPskc7the hackers removed december, january and february, but the user endbalances are right.
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
March 09, 2014, 05:27:43 PM Last edit: March 10, 2014, 10:52:13 AM by malevolent |
|
they just removed his post. Well that was fast. Mod note: be careful with the executable, run it only on an isolated virtual machineCopy: http://pastebin.com/f7DPskc7
|
|
|
|
bitjoint
Sr. Member
Offline
Activity: 333
Merit: 250
Commander of the Hodl Legions
|
|
March 09, 2014, 05:28:08 PM |
|
|
|
|
|
Moebius327
|
|
March 09, 2014, 05:30:33 PM |
|
It seems gox were 450 000 btc short, but still had around 501 000 btc in storage. So this is getting interesting.
|
|
|
|
|
encrypto
Newbie
Offline
Activity: 14
Merit: 0
|
|
March 09, 2014, 05:36:42 PM |
|
UPDATE: Guys on irc confirmed that the dump is legit!!!
*To check your balance, you need your Mtgox USER ID, from your first email of registration at MtGox.
|
|
|
|
broolstoryco
Member
Offline
Activity: 76
Merit: 10
Enemy of the State
|
|
March 09, 2014, 05:59:49 PM |
|
The posts keep disappearing off /r/bitcoin. this is some serious bullshit
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2380
Merit: 1209
The revolution will be digital
|
|
March 09, 2014, 06:00:14 PM |
|
Insane !!! How they got access to even Mark's personal blog ?
|
|
|
|
leopard2
Legendary
Offline
Activity: 1372
Merit: 1014
|
|
March 09, 2014, 06:05:12 PM |
|
It seems gox were 450 000 btc short, but still had around 501 000 btc in storage. So this is getting interesting.
so hackers manage to do this piece of bookkeeping in their free time the guys who own Gox had 365 days a year to do it, and never noticed that coins were missing? absolutely fucking ridiculous and it stinks to the moon.
|
Truth is the new hatespeech.
|
|
|
stsbrad
Full Member
Offline
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE
|
|
March 09, 2014, 06:08:47 PM |
|
So user data is in the zip? Ugh
|
|
|
|
Taras
Legendary
Offline
Activity: 1386
Merit: 1053
Please do not PM me loan requests!
|
|
March 09, 2014, 06:12:32 PM |
|
I'll proceed to make cool visualizations with this zip.
|
|
|
|
Remember remember the 5th of November
Legendary
Offline
Activity: 1862
Merit: 1011
Reverse engineer from time to time
|
|
March 09, 2014, 06:13:34 PM |
|
So user data is in the zip? Ugh
No sensitive user data, I believe.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
WindMaster
|
|
March 09, 2014, 06:14:24 PM Last edit: March 09, 2014, 06:41:14 PM by WindMaster |
|
*To check your balance, you need your Mtgox USER ID, from your first email of registration at MtGox.
For anyone curious, here's how to find your balance. For example, my original account creation Email from Gox looks about like this (with some numbers redacted): Welcome to Mt.Gox! Thank you for creating your account with us. Your login: ZZZZZZZ In order to enable your account, you need to enter your validation code on the Mt.Gox website. Your confirmation code: ZZZZZZZZZZZZZZZZ Alternatively you can click on or copy it into your browser via this url: https://mtgox.com/signup/validate?ID=00000000-0000-0000-0000-000000000000&Code=ZZZZZZZZZZZZZZZZ Best regards, The Mt.Gox Team info@mtgox.comhttps://mtgox.com/Note the bolded portion above. I've replaced mine with 0's in the above, but yours will have a UUID-looking string of hexadecimal groups of numbers separated by hyphens. Cross-reference this with the "mtgox_balances" file from the leak. Your user ID will match the "User__" column. I can confirm my BTC balance shown there matches what it was when Gox shut down, so this is recent data and appears to be a legit database dump.
|
|
|
|
WindMaster
|
|
March 09, 2014, 06:17:58 PM |
|
No sensitive user data, I believe.
While true, I'm sufficiently convinced (by checking my own account and BTC balance) that it's a legit database dump, so I'm also convinced Gox was pretty thoroughly owned and it is likely that all data Gox had was compromised. That means everyone's sensitive user data is probably out there *somewhere*, just not necessarily included in this particular set of leaked files.
|
|
|
|
crazynoggin
|
|
March 09, 2014, 06:25:29 PM |
|
While these guys who released the files likely are doing it for the good of the community, there is that possibility that sensitive files are out there and you might want to assume that is the case and do all you can to protect yourself.
|
|
|
|
leopard2
Legendary
Offline
Activity: 1372
Merit: 1014
|
|
March 09, 2014, 06:26:54 PM |
|
Yikes. Sure I would not want to be in M.K.'s shoes these days.
|
Truth is the new hatespeech.
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
March 09, 2014, 06:27:19 PM |
|
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?
|
|
|
|
|